format the repo files

2026-04-26 10:27:50 +02:00
parent 92fd97c9a2
commit b319cd93e9
116 changed files with 4726 additions and 4247 deletions
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -0,0 +1,108 @@
 # CLAUDE.md
 This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
 ## What This Repo Is
 A NixOS flake configuration managing multiple hosts (desktops, laptops, servers). All hosts share common settings via `hosts/configuration_common.nix` and are assembled in `hosts/default.nix`.
 ## Common Commands
 ```bash
 # Format all nix files
 nix fmt
 # Build a host configuration (no activation)
 nixos-rebuild build --flake .#<host>
 # Switch the current host
 sudo nixos-rebuild switch --flake .#<host>
 # Build a custom package
 nix build .#<package>
 # Edit an age-encrypted secret
 agenix -e secrets/<path>.age
 # Re-key all secrets after adding a new host key to secrets/secrets.nix
 agenix -r
 ```
 ## Architecture
 ### Entry Points
 - `flake.nix` — defines inputs (nixpkgs stable=25.11, unstable, home-manager, agenix, lanzaboote, jovian-nixos, microvm, impermanence, noctalia) and calls `hosts/default.nix` for `nixosConfigurations`
 - `hosts/default.nix` — instantiates every host via `lib.nixosSystem`; contains the `mkHM` helper that wires home-manager into a host's modules list
 ### Host Structure
 Each host lives in `hosts/<name>/`:
 - `default.nix` — imports either `../../modules/desktop` or `../../modules/server`, sets the module options (`myDesktop.*` / `myServer.*`), and adds host-specific settings
 - `home.nix` — host-specific home-manager config (merged with `hosts/home.nix` for desktops or `hosts/home_server.nix` for servers)
 - `hardware-configuration.nix` — generated hardware config
 Shared host-level files:
 - `hosts/configuration_common.nix` — applied to every host: SSH (key-only, no root), locale, nix GC/settings, zsh, fonts, auto-upgrade flake URL
 - `hosts/home.nix` — desktop home-manager base
 - `hosts/home_server.nix` — server home-manager base
 ### Module System
 Two top-level NixOS modules expose all major knobs as typed options:
 **`modules/desktop/default.nix`** — `myDesktop.*`
 - `windowManager`: `"niri"` (default) | `"sway"` | `"kde"`
 - `cpu`: `"amd"` | `"intel"` | `"none"` — selects KVM kernel params
 - `virtualisation.enable` — podman (docker-compat) + qemu/libvirt + virt-manager
 - `syncthing.{enable,devices,folders}`
 - `openrgb.{enable,motherboard}`
 - `laptop.{enable,lidSwitch,hibernateDelaySec}`
 - `nitrokey.enable`
 - `niri.hotkeyVariant`: `"default"` | `"lifebook"`
 - `git.signingKey` — SSH key for commit signing
 - `extraSystemPackages`
 **`modules/server/default.nix`** — `myServer.*`
 - `sshPort` (default 2220)
 - `virtualisation.{enable,cpu}` — podman only (no libvirt)
 - `fail2ban.enable`
 - `autoUpgrade.enable` (default true)
 - `uid`, `sudoRequiresPassword`, `extraGroups`, `extraSystemPackages`
 Service bundles are imported as lists in host `default.nix`:
 - `modules/services/server/` — kabtop services (gitea, nextcloud, matrix, coturn, hydra, mealie, etc.)
 - `modules/services/nas/` — jupiter services (nfs, vaultwarden, syncthing, paperless)
 - `modules/services/dmz/` — dmz services (gitea runner microVM)
 - `modules/services/kabtopci/` — kabtopci services (hydra, gitea runner)
 - `modules/services/nasbackup/` — nasbak backup jobs
 ### Secrets (agenix)
 `secrets/secrets.nix` declares which age public keys (users + host SSH keys) can decrypt each `.age` file. Add a new host: add its `ssh-ed25519` host key to `secrets/secrets.nix` in the relevant groups, then run `agenix -r` to re-key.
 ### Custom Packages & Overlays
 - `packages/` — custom packages (e.g. `corosync-qdevice`), imported at `flake.nix` level
 - `overlays/` — nixpkgs overlays applied globally
 - Per-host overlays: set `nixpkgs.overlays` inside the host's `default.nix` so only that host is affected
 ### Disk Layouts
 `disko/` contains reusable disko modules: `btrfs.nix`, `btrfs_luks.nix`, `nas_luks.nix` — referenced during initial install.
 ## Active Hosts
 | Host | Role | WM / Notes |
 |---|---|---|
 | hades | Desktop | niri, AMD, Secure Boot (lanzaboote) |
 | lifebook | Laptop | niri, Intel, Secure Boot |
 | steamdeck | Gaming | KDE/Jovian-NixOS, Secure Boot |
 | kabtop | Main server | gitea, nextcloud, matrix+bridges, coturn, hydra, mealie |
 | kabtopci | CI server | hydra, nix-serve |
 | jupiter | NAS | nfs, vaultwarden, syncthing, paperless |
 | dmz | DMZ | gitea Actions homerunner microVM |
 | nasbak | NAS backup | — |
 | kubemaster-1 | K8s master | — |
 See `SERVICES.md` for port-level service details per host.
--- a/flake.nix
+++ b/flake.nix
@@ -5,7 +5,6 @@
 #  flake.nix *
 #   ├─ ./hosts
 #   │   └─ default.nix
 {
  description = "Kabbone's personal NixOS Flake config";
@@ -21,12 +20,14 @@
    impermanence.url = "github:nix-community/impermanence";
-      home-manager = {                                                      # User Package Management
+    home-manager = {
      # User Package Management
      url = "github:nix-community/home-manager/release-25.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-      home-manager-unstable = {                                                      # User Package Management
+    home-manager-unstable = {
      # User Package Management
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };
@@ -50,7 +51,6 @@
      url = "github:noctalia-dev/noctalia-shell";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
  outputs = {
@@ -67,8 +67,7 @@
    lanzaboote,
    noctalia,
    ...
-  } @ inputs:
+  } @ inputs: let
  let
    systems = [
      #      "aarch64-linux"
      "x86_64-linux"
@@ -91,9 +90,9 @@
    # These are usually stuff you would upstream into home-manager
    #homeManagerModules = import ./modules/home-manager;
    nixosConfigurations = ( # NixOS configurations
-      import ./hosts {                                                    # Imports ./hosts/default.nix
+      import ./hosts {
        # Imports ./hosts/default.nix
        inherit (nixpkgs) lib;
        inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable agenix jovian-nixos microvm impermanence lanzaboote; # Also inherit home-manager so it does not need to be defined here.
      }
--- a/hosts/configuration_common.nix
+++ b/hosts/configuration_common.nix
@@ -2,10 +2,16 @@
 #  Common configuration shared by all hosts (desktop and server).
 #  Imported by configuration_desktop.nix and configuration_server.nix.
 #
 { config, lib, pkgs, inputs, user, location, agenix, ... }:
 {
  config,
  lib,
  pkgs,
  inputs,
  user,
  location,
  agenix,
  ...
 }: {
  imports = [
    ../modules/hardware/hydraCache.nix
  ];
--- a/hosts/configuration_server.nix
+++ b/hosts/configuration_server.nix
@@ -2,10 +2,16 @@
 #  Server configuration. Imports configuration_common.nix for shared settings.
 #  Service modules are imported per-host.
 #
 { config, lib, pkgs, inputs, user, location, agenix, ... }:
 {
  config,
  lib,
  pkgs,
  inputs,
  user,
  location,
  agenix,
  ...
 }: {
  imports = [
    ./configuration_common.nix
  ];
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -12,10 +12,21 @@
 #            ├─ ./default.nix
 #            └─ ./home.nix
 #
-
+{
-{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, ... }:
+  lib,
-
+  inputs,
-let
+  nixpkgs,
  nixpkgs-unstable,
  nixos-hardware,
  home-manager,
  home-manager-unstable,
  agenix,
  jovian-nixos,
  microvm,
  impermanence,
  lanzaboote,
  ...
 }: let
  # Default user — desktop hosts share this; server hosts may override per-host
  # by passing a different `user` value in their own specialArgs block.
  defaultUser = "kabbone";
@@ -30,7 +41,10 @@ let
  pkgs-kabbone = import ../packages {
    inherit system;
-    pkgs = import nixpkgs { inherit system; config.allowUnfree = true; };
+    pkgs = import nixpkgs {
      inherit system;
      config.allowUnfree = true;
    };
  };
  pkgs = import nixpkgs {
@@ -55,13 +69,16 @@ let
      home-manager.users.${user}.imports = hmImports;
    }
  ];
-
+in {
-in
+  hades = lib.nixosSystem {
-{
+    # Desktop profile
  hades = lib.nixosSystem {                                # Desktop profile
    inherit system;
-    specialArgs = { inherit inputs location nixos-hardware agenix microvm nixpkgs lanzaboote; user = defaultUser; };
+    specialArgs = {
-    modules = [
+      inherit inputs location nixos-hardware agenix microvm nixpkgs lanzaboote;
      user = defaultUser;
    };
    modules =
      [
        agenix.nixosModules.default
        microvm.nixosModules.host
        lanzaboote.nixosModules.lanzaboote
@@ -71,106 +88,155 @@ in
        nixos-hardware.nixosModules.common-cpu-amd
        nixos-hardware.nixosModules.common-gpu-amd
        nixos-hardware.nixosModules.common-pc-ssd
-    ] ++ (mkHM home-manager defaultUser [ ./home.nix ./desktop/home.nix ]);
+      ]
      ++ (mkHM home-manager defaultUser [./home.nix ./desktop/home.nix]);
  };
-  lifebook = lib.nixosSystem {                                # Laptop profile
+  lifebook = lib.nixosSystem {
    # Laptop profile
    inherit system;
-    specialArgs = { inherit inputs location nixos-hardware agenix lanzaboote; user = defaultUser; };
+    specialArgs = {
-    modules = [
+      inherit inputs location nixos-hardware agenix lanzaboote;
      user = defaultUser;
    };
    modules =
      [
        agenix.nixosModules.default
        lanzaboote.nixosModules.lanzaboote
        ./lifebook # myDesktop options set inside
        ./configuration_common.nix
        nixos-hardware.nixosModules.common-cpu-intel
        nixos-hardware.nixosModules.common-pc-ssd
-    ] ++ (mkHM home-manager defaultUser [ ./home.nix ./lifebook/home.nix ]);
+      ]
      ++ (mkHM home-manager defaultUser [./home.nix ./lifebook/home.nix]);
  };
-  steamdeck = nixpkgs-unstable.lib.nixosSystem {            # steamdeck profile
+  steamdeck = nixpkgs-unstable.lib.nixosSystem {
    # steamdeck profile
    inherit system;
-    specialArgs = { inherit inputs location nixos-hardware agenix jovian-nixos lanzaboote; user = defaultUser; };
+    specialArgs = {
-    modules = [
+      inherit inputs location nixos-hardware agenix jovian-nixos lanzaboote;
      user = defaultUser;
    };
    modules =
      [
        agenix.nixosModules.default
        jovian-nixos.nixosModules.default
        lanzaboote.nixosModules.lanzaboote
        ./steamdeck
        ./configuration_common.nix
-    ] ++ (mkHM home-manager-unstable defaultUser [ ./home.nix ./steamdeck/home.nix ]);
+      ]
      ++ (mkHM home-manager-unstable defaultUser [./home.nix ./steamdeck/home.nix]);
  };
-  kabtop = lib.nixosSystem {                                # Server profile
+  kabtop = lib.nixosSystem {
    # Server profile
    inherit system;
-    specialArgs = { inherit inputs location nixos-hardware agenix impermanence; user = defaultUser; };
+    specialArgs = {
-    modules = [
+      inherit inputs location nixos-hardware agenix impermanence;
      user = defaultUser;
    };
    modules =
      [
        agenix.nixosModules.default
        microvm.nixosModules.host
        ./kabtop
        ./configuration_common.nix
        nixos-hardware.nixosModules.common-cpu-amd
        nixos-hardware.nixosModules.common-pc-ssd
-    ] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./kabtop/home.nix ]);
+      ]
      ++ (mkHM home-manager defaultUser [./home_server.nix ./kabtop/home.nix]);
  };
-  nasbak = lib.nixosSystem {                                # Server profile
+  nasbak = lib.nixosSystem {
    # Server profile
    inherit system;
-    specialArgs = { inherit inputs location nixos-hardware agenix; user = defaultUser; };
+    specialArgs = {
-    modules = [
+      inherit inputs location nixos-hardware agenix;
      user = defaultUser;
    };
    modules =
      [
        agenix.nixosModules.default
        ./nasbackup
        ./configuration_common.nix
        nixos-hardware.nixosModules.common-cpu-intel
        nixos-hardware.nixosModules.common-pc-ssd
-    ] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./nasbackup/home.nix ]);
+      ]
      ++ (mkHM home-manager defaultUser [./home_server.nix ./nasbackup/home.nix]);
  };
-  jupiter = lib.nixosSystem {                                # Server profile
+  jupiter = lib.nixosSystem {
    # Server profile
    inherit system;
-    specialArgs = { inherit inputs location nixos-hardware agenix; user = defaultUser; };
+    specialArgs = {
-    modules = [
+      inherit inputs location nixos-hardware agenix;
      user = defaultUser;
    };
    modules =
      [
        agenix.nixosModules.default
        ./jupiter
        ./configuration_common.nix
        nixos-hardware.nixosModules.common-cpu-intel
        nixos-hardware.nixosModules.common-pc-ssd
-    ] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./jupiter/home.nix ]);
+      ]
      ++ (mkHM home-manager defaultUser [./home_server.nix ./jupiter/home.nix]);
  };
-  kabtopci = lib.nixosSystem {                                # Server profile
+  kabtopci = lib.nixosSystem {
    # Server profile
    inherit system;
-    specialArgs = { inherit inputs location nixos-hardware agenix impermanence; user = defaultUser; };
+    specialArgs = {
-    modules = [
+      inherit inputs location nixos-hardware agenix impermanence;
      user = defaultUser;
    };
    modules =
      [
        agenix.nixosModules.default
        microvm.nixosModules.host
        ./kabtopci
        ./configuration_common.nix
        nixos-hardware.nixosModules.common-pc-ssd
-    ] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./kabtopci/home.nix ]);
+      ]
      ++ (mkHM home-manager defaultUser [./home_server.nix ./kabtopci/home.nix]);
  };
-  kubemaster-1 = lib.nixosSystem {                                # Server profile
+  kubemaster-1 = lib.nixosSystem {
    # Server profile
    inherit system;
-    specialArgs = { inherit inputs location nixos-hardware agenix impermanence; user = defaultUser; };
+    specialArgs = {
-    modules = [
+      inherit inputs location nixos-hardware agenix impermanence;
      user = defaultUser;
    };
    modules =
      [
        agenix.nixosModules.default
        microvm.nixosModules.host
        ./kubemaster-1
        ./configuration_common.nix
        nixos-hardware.nixosModules.common-cpu-intel
        nixos-hardware.nixosModules.common-pc-ssd
-    ] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./kubemaster-1/home.nix ]);
+      ]
      ++ (mkHM home-manager defaultUser [./home_server.nix ./kubemaster-1/home.nix]);
  };
-  dmz = lib.nixosSystem {                                # Server profile
+  dmz = lib.nixosSystem {
    # Server profile
    inherit system;
-    specialArgs = { inherit inputs location nixos-hardware agenix impermanence; user = defaultUser; };
+    specialArgs = {
-    modules = [
+      inherit inputs location nixos-hardware agenix impermanence;
      user = defaultUser;
    };
    modules =
      [
        agenix.nixosModules.default
        microvm.nixosModules.host
        ./dmz
        ./configuration_common.nix
        nixos-hardware.nixosModules.common-pc-ssd
-    ] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./dmz/home.nix ]);
+      ]
      ++ (mkHM home-manager defaultUser [./home_server.nix ./dmz/home.nix]);
  };
  #  vm = lib.nixosSystem {                                    # VM profile
--- a/hosts/desktop/default.nix
+++ b/hosts/desktop/default.nix
@@ -1,10 +1,12 @@
 #
 #  Hades desktop — system configuration
 #
 { lib, pkgs, inputs, ... }:
 {
  lib,
  pkgs,
  inputs,
  ...
 }: {
  # Example: host-specific overlays — only hades gets these packages in its pkgs.
  # nixpkgs.overlays = [
  #   (final: prev: {
--- a/hosts/desktop/hardware-configuration.nix
+++ b/hosts/desktop/hardware-configuration.nix
@@ -10,12 +10,16 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }: {
  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")] ++
+    [(modulesPath + "/installer/scan/not-detected.nix")]
-      [( import ../../modules/hardware/backup.nix )];
+    ++ [(import ../../modules/hardware/backup.nix)];
  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"];
  boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
@@ -94,60 +98,59 @@
    };
  };
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
+    device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
  };
-  fileSystems."/home" =
+  fileSystems."/home" = {
-    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
+    device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
  };
-  fileSystems."/srv" =
+  fileSystems."/srv" = {
-    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
+    device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
  };
-  fileSystems."/nix" =
+  fileSystems."/nix" = {
-    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
+    device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
  };
-  fileSystems."/swap" =
+  fileSystems."/swap" = {
-    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
+    device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
  };
-  fileSystems."/mnt/snapshots/root" =
+  fileSystems."/mnt/snapshots/root" = {
-    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
+    device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
  };
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
+    device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
    fsType = "vfat";
  };
-  fileSystems."/mnt/Pluto" =
+  fileSystems."/mnt/Pluto" = {
-    { device = "jupiter:/Pluto";
+    device = "jupiter:/Pluto";
    fsType = "nfs";
    options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
  };
-  fileSystems."/mnt/Mars" =
+  fileSystems."/mnt/Mars" = {
-    { device = "jupiter:/Mars";
+    device = "jupiter:/Mars";
    fsType = "nfs";
    options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
  };
  swapDevices = [{device = "/swap/swapfile";}];
  networking = {
--- a/hosts/desktop/home.nix
+++ b/hosts/desktop/home.nix
@@ -2,10 +2,7 @@
 #  Hades desktop — home-manager host-specific additions
 #  (WM home config is loaded by modules/desktop based on myDesktop.windowManager)
 #
-
+{pkgs, ...}: {
 { pkgs, ... }:
 {
  imports = [
    ../../modules/home.nix # cmds / theme options
  ];
--- a/hosts/dmz/default.nix
+++ b/hosts/dmz/default.nix
@@ -1,14 +1,20 @@
 #
 #  DMZ — demilitarised zone server configuration
 #
 { config, pkgs, user, agenix, impermanence, ... }:
 {
-  imports = [
+  config,
  pkgs,
  user,
  agenix,
  impermanence,
  ...
 }: {
  imports =
    [
      ./hardware-configuration.nix
      ../../modules/server
-  ] ++ (import ../../modules/services/dmz);
+    ]
    ++ (import ../../modules/services/dmz);
  # ── Server module options ───────────────────────────────────────────────
  myServer.virtualisation.enable = true;
--- a/hosts/dmz/hardware-configuration.nix
+++ b/hosts/dmz/hardware-configuration.nix
@@ -10,11 +10,15 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
-  imports =
+  config,
-    [ (modulesPath + "/profiles/qemu-guest.nix")
+  lib,
  pkgs,
  modulesPath,
  ...
 }: {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];
  boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk"];
@@ -33,44 +37,44 @@
    ];
  };
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
  };
-  fileSystems."/home" =
+  fileSystems."/home" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
  };
-  fileSystems."/srv" =
+  fileSystems."/srv" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
  };
-  fileSystems."/var" =
+  fileSystems."/var" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async"];
  };
-  fileSystems."/nix" =
+  fileSystems."/nix" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
  };
-  fileSystems."/swap" =
+  fileSystems."/swap" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
  };
-  fileSystems."/mnt/snapshots/root" =
+  fileSystems."/mnt/snapshots/root" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
  };
@@ -103,5 +107,4 @@
      allowedTCPPorts = [80 443];
    };
  };
 }
--- a/hosts/dmz/home.nix
+++ b/hosts/dmz/home.nix
@@ -10,16 +10,13 @@
 #           └─ ./hyprland
 #              └─ hyprland.nix
 #
-
+{pkgs, ...}: {
-{ pkgs, ... }:
+  imports = [
 {
  imports =
    [
    ../../modules/home.nix # Window Manager
  ];
-  home = {                                # Specific packages for laptop
+  home = {
    # Specific packages for laptop
    packages = with pkgs; [
      # Applications
@@ -32,5 +29,4 @@
  programs = {
    alacritty.settings.font.size = 11;
  };
 }
--- a/hosts/fuji/default.nix
+++ b/hosts/fuji/default.nix
@@ -16,21 +16,32 @@
 #       └─ ./hardware
 #           └─ default.nix
 #
 { config, nixpkgs, pkgs, user, lib, ... }:
 {
-  imports =                                                         # For now, if applying to other system, swap files
+  config,
-    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+  nixpkgs,
-    [(import ../../modules/wm/sway/default.nix)] ++         # Window Manager
+  pkgs,
-    (import ../../modules/wm/virtualisation) ++             # libvirt + Docker
+  user,
-    [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++   # kvm module options
+  lib,
  ...
 }: {
  imports =
    # For now, if applying to other system, swap files
    [(import ./hardware-configuration.nix)]
    ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
    [(import ../../modules/wm/sway/default.nix)]
    ++ # Window Manager
    (import ../../modules/wm/virtualisation)
    ++ # libvirt + Docker
    [(import ../../modules/wm/virtualisation/kvm-amd.nix)]
    ++ # kvm module options
    (import ../../modules/hardware); # Hardware devices
-  boot = {                                  # Boot options
+  boot = {
    # Boot options
    kernelPackages = pkgs.linuxPackages_latest;
-    loader = {                              # EFI Boot
+    loader = {
      # EFI Boot
      systemd-boot.enable = lib.mkForce false;
      efi = {
        canTouchEfiVariables = true;
@@ -64,15 +75,16 @@
  services = {
    #auto-cpufreq.enable = true;
    blueman.enable = true;
-    avahi = {                               # Needed to find wireless printer
+    avahi = {
      # Needed to find wireless printer
      enable = true;
      nssmdns4 = true;
-      publish = {                           # Needed for detecting the scanner
+      publish = {
        # Needed for detecting the scanner
        enable = true;
        addresses = true;
        userServices = true;
      };
    };
  };
 }
--- a/hosts/fuji/hardware-configuration.nix
+++ b/hosts/fuji/hardware-configuration.nix
@@ -10,12 +10,16 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }: {
  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")] ++
+    [(modulesPath + "/installer/scan/not-detected.nix")]
-      [( import ../../modules/hardware/backup.nix )];
+    ++ [(import ../../modules/hardware/backup.nix)];
  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"];
  boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
@@ -59,48 +63,47 @@
    };
  };
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
+    device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
  };
-  fileSystems."/home" =
+  fileSystems."/home" = {
-    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
+    device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
  };
-  fileSystems."/srv" =
+  fileSystems."/srv" = {
-    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
+    device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
  };
-  fileSystems."/nix" =
+  fileSystems."/nix" = {
-    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
+    device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
  };
-  fileSystems."/swap" =
+  fileSystems."/swap" = {
-    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
+    device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
  };
-  fileSystems."/mnt/snapshots/root" =
+  fileSystems."/mnt/snapshots/root" = {
-    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
+    device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
  };
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
+    device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
    fsType = "vfat";
  };
  swapDevices = [{device = "/swap/swapfile";}];
  networking = {
--- a/hosts/fuji/home.nix
+++ b/hosts/fuji/home.nix
@@ -10,18 +10,15 @@
 #           └─ ./hyprland
 #              └─ hyprland.nix
 #
-
+{pkgs, ...}: {
-{ pkgs, ... }:
+  imports = [
 {
  imports =
    [
    #../../modules/wm/hyprland/home.nix # Window Manager
    #../../modules/wm/kde/home.nix # Window Manager
    ../../modules/home.nix # Window Manager
  ];
-  home = {                                # Specific packages for laptop
+  home = {
    # Specific packages for laptop
    packages = with pkgs; [
      # Applications
      #firefox
@@ -35,11 +32,11 @@
    ];
  };
-  services = {                            # Applets
+  services = {
    # Applets
    #blueman-applet.enable = true;         # Bluetooth
    network-manager-applet.enable = true; # Network
  };
  xsession.preferStatusNotifierItems = true;
 }
--- a/hosts/home.nix
+++ b/hosts/home.nix
@@ -14,16 +14,19 @@
 #       └─ ./shell
 #           └─ default.nix
 #
 { config, lib, pkgs, user, ... }:
 {
  config,
  lib,
  pkgs,
  user,
  ...
 }: {
  imports =
-    (import ../modules/editors) ++
+    (import ../modules/editors)
-    (import ../modules/programs) ++
+    ++ (import ../modules/programs)
-    (import ../modules/programs/configs) ++
+    ++ (import ../modules/programs/configs)
-    (import ../modules/services) ++
+    ++ (import ../modules/services)
-    (import ../modules/shell);
+    ++ (import ../modules/shell);
  home = {
    username = "${user}";
@@ -117,7 +120,6 @@
    };
  };
  #  gtk = {                                     # Theming
  #    enable = true;
  #    theme = {
--- a/hosts/home_server.nix
+++ b/hosts/home_server.nix
@@ -14,12 +14,17 @@
 #       └─ ./shell
 #           └─ default.nix
 #
 { config, lib, pkgs, user, ... }:
 {
-  imports =                                   # Home Manager Modules
+  config,
-    (import ../modules/editors) ++
+  lib,
  pkgs,
  user,
  ...
 }: {
  imports =
    # Home Manager Modules
    (import ../modules/editors)
    ++
    #(import ../modules/programs) ++
    #(import ../modules/programs/configs) ++
    #(import ../modules/services) ++
@@ -48,7 +53,6 @@
      rsync # Syncer $ rsync -r dir1/ dir2/
      #unzip             # Zip files
      #unrar             # Rar files
    ];
    stateVersion = "23.11";
  };
--- a/hosts/jupiter/default.nix
+++ b/hosts/jupiter/default.nix
@@ -1,14 +1,19 @@
 #
 #  Jupiter — NAS server configuration
 #
 { config, pkgs, inputs, user, ... }:
 {
-  imports = [
+  config,
  pkgs,
  inputs,
  user,
  ...
 }: {
  imports =
    [
      ./hardware-configuration.nix
      ../../modules/server
-  ] ++ (import ../../modules/services/nas);
+    ]
    ++ (import ../../modules/services/nas);
  # ── Server module options ───────────────────────────────────────────────
  # No virtualisation on the NAS
--- a/hosts/jupiter/hardware-configuration.nix
+++ b/hosts/jupiter/hardware-configuration.nix
@@ -10,12 +10,16 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }: {
  imports =
-    [(modulesPath + "/profiles/qemu-guest.nix")] ++
+    [(modulesPath + "/profiles/qemu-guest.nix")]
-    [( import ../../modules/hardware/backup.nix )];
+    ++ [(import ../../modules/hardware/backup.nix)];
  boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk"];
  boot.initrd.kernelModules = [];
@@ -112,78 +116,78 @@
    };
  };
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
  };
-  fileSystems."/home" =
+  fileSystems."/home" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
  };
-  fileSystems."/srv" =
+  fileSystems."/srv" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
  };
-  fileSystems."/nix" =
+  fileSystems."/nix" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
  };
-  fileSystems."/swap" =
+  fileSystems."/swap" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
  };
-    fileSystems."/mnt/snapshots/root" =
+  fileSystems."/mnt/snapshots/root" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
  };
-    fileSystems."/mnt/snapshots/Mars" =
+  fileSystems."/mnt/snapshots/Mars" = {
-    { device = "/dev/disk/by-label/MARS";
+    device = "/dev/disk/by-label/MARS";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
  };
-  fileSystems."/mnt/snapshots/Pluto" =
+  fileSystems."/mnt/snapshots/Pluto" = {
-    { device = "/dev/disk/by-label/NAS-RAID";
+    device = "/dev/disk/by-label/NAS-RAID";
    fsType = "btrfs";
    options = ["compress=zstd:8,noatime,subvolid=5"];
  };
-  fileSystems."/mnt/Pluto" =
+  fileSystems."/mnt/Pluto" = {
-    { device = "/dev/disk/by-label/NAS-RAID";
+    device = "/dev/disk/by-label/NAS-RAID";
    fsType = "btrfs";
    options = ["compress=zstd:8,noatime,subvol=@"];
  };
-  fileSystems."/mnt/Mars" =
+  fileSystems."/mnt/Mars" = {
-    { device = "/dev/disk/by-label/MARS";
+    device = "/dev/disk/by-label/MARS";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nas,discard=async"];
  };
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-label/NIXBOOT";
+    device = "/dev/disk/by-label/NIXBOOT";
    fsType = "vfat";
  };
-  fileSystems."/export/Pluto" =
+  fileSystems."/export/Pluto" = {
-    { device = "/mnt/Pluto";
+    device = "/mnt/Pluto";
    options = ["bind"];
  };
-  fileSystems."/export/Mars" =
+  fileSystems."/export/Mars" = {
-    { device = "/mnt/Mars";
+    device = "/mnt/Mars";
    options = ["bind"];
  };
@@ -234,5 +238,4 @@
      ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
    '';
  };
 }
--- a/hosts/jupiter/home.nix
+++ b/hosts/jupiter/home.nix
@@ -10,16 +10,13 @@
 #           └─ ./hyprland
 #              └─ hyprland.nix
 #
-
+{pkgs, ...}: {
-{ pkgs, ... }:
+  imports = [
 {
  imports =
    [
    ../../modules/home.nix # Window Manager
  ];
-  home = {                                # Specific packages for laptop
+  home = {
    # Specific packages for laptop
    packages = with pkgs; [
      # Applications
@@ -32,5 +29,4 @@
  programs = {
    alacritty.settings.font.size = 11;
  };
 }
--- a/hosts/kabtop/default.nix
+++ b/hosts/kabtop/default.nix
@@ -1,14 +1,20 @@
 #
 #  Kabtop — server configuration
 #
 { config, pkgs, user, agenix, impermanence, ... }:
 {
-  imports = [
+  config,
  pkgs,
  user,
  agenix,
  impermanence,
  ...
 }: {
  imports =
    [
      ./hardware-configuration.nix
      ../../modules/server
-  ] ++ (import ../../modules/services/server);
+    ]
    ++ (import ../../modules/services/server);
  # ── Server module options ───────────────────────────────────────────────
  myServer.virtualisation.enable = true;
--- a/hosts/kabtop/hardware-configuration.nix
+++ b/hosts/kabtop/hardware-configuration.nix
@@ -10,11 +10,15 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
-  imports =
+  config,
-    [ (modulesPath + "/profiles/qemu-guest.nix")
+  lib,
  pkgs,
  modulesPath,
  ...
 }: {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];
  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod"];
@@ -61,49 +65,48 @@
    };
  };
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
  };
-  fileSystems."/home" =
+  fileSystems."/home" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
  };
-  fileSystems."/srv" =
+  fileSystems."/srv" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
  };
-  fileSystems."/var" =
+  fileSystems."/var" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["space_cache=v2,ssd,noatime,subvol=@var,discard=async"];
  };
-  fileSystems."/nix" =
+  fileSystems."/nix" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
  };
-  fileSystems."/swap" =
+  fileSystems."/swap" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
  };
-  fileSystems."/mnt/snapshots/root" =
+  fileSystems."/mnt/snapshots/root" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
  };
  #swapDevices = [ { device = "/swap/swapfile"; } ];
  swapDevices = [];
@@ -144,6 +147,5 @@
    };
  };
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/kabtop/home.nix
+++ b/hosts/kabtop/home.nix
@@ -10,16 +10,13 @@
 #           └─ ./hyprland
 #              └─ hyprland.nix
 #
-
+{pkgs, ...}: {
-{ pkgs, ... }:
+  imports = [
 {
  imports =
    [
    ../../modules/home.nix # Window Manager
  ];
-  home = {                                # Specific packages for laptop
+  home = {
    # Specific packages for laptop
    packages = with pkgs; [
      # Applications
@@ -32,5 +29,4 @@
  programs = {
    alacritty.settings.font.size = 11;
  };
 }
--- a/hosts/kabtopci/default.nix
+++ b/hosts/kabtopci/default.nix
@@ -1,14 +1,20 @@
 #
 #  Kabtopci — CI server configuration
 #
 { config, pkgs, user, agenix, impermanence, ... }:
 {
-  imports = [
+  config,
  pkgs,
  user,
  agenix,
  impermanence,
  ...
 }: {
  imports =
    [
      ./hardware-configuration.nix
      ../../modules/server
-  ] ++ (import ../../modules/services/kabtopci);
+    ]
    ++ (import ../../modules/services/kabtopci);
  # ── Server module options ───────────────────────────────────────────────
  myServer.virtualisation.enable = true;
--- a/hosts/kabtopci/hardware-configuration.nix
+++ b/hosts/kabtopci/hardware-configuration.nix
@@ -10,11 +10,14 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
-  imports =
+  config,
-    [ (modulesPath + "/installer/scan/not-detected.nix")];
+  lib,
  pkgs,
  modulesPath,
  ...
 }: {
  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
  boot.initrd.availableKernelModules = ["ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk"];
  boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
@@ -32,38 +35,38 @@
    ];
  };
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
  };
-  fileSystems."/home" =
+  fileSystems."/home" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
  };
-  fileSystems."/srv" =
+  fileSystems."/srv" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
  };
-  fileSystems."/var" =
+  fileSystems."/var" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["space_cache=v2,ssd,noatime,subvol=@var,discard=async"];
  };
-  fileSystems."/nix" =
+  fileSystems."/nix" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd:9,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
  };
-  fileSystems."/swap" =
+  fileSystems."/swap" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
  };
@@ -80,14 +83,18 @@
    interfaces = {
      ens3 = {
        useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
-        ipv4.addresses = [ {
+        ipv4.addresses = [
          {
            address = "195.90.221.87";
            prefixLength = 22;
-        } ];
+          }
-        ipv6.addresses = [ {
+        ];
        ipv6.addresses = [
          {
            address = "2a00:6800:3:d5b::2";
            prefixLength = 64;
-        } ];
+          }
        ];
      };
    };
    defaultGateway = "195.90.220.1";
--- a/hosts/kabtopci/home.nix
+++ b/hosts/kabtopci/home.nix
@@ -10,16 +10,13 @@
 #           └─ ./hyprland
 #              └─ hyprland.nix
 #
-
+{pkgs, ...}: {
-{ pkgs, ... }:
+  imports = [
 {
  imports =
    [
    ../../modules/home.nix # Window Manager
  ];
-  home = {                                # Specific packages for laptop
+  home = {
    # Specific packages for laptop
    packages = with pkgs; [
      # Applications
@@ -32,5 +29,4 @@
  programs = {
    alacritty.settings.font.size = 11;
  };
 }
--- a/hosts/kubemaster-1/default.nix
+++ b/hosts/kubemaster-1/default.nix
@@ -1,14 +1,20 @@
 #
 #  Kubemaster-1 — Kubernetes master server configuration
 #
 { config, pkgs, user, agenix, impermanence, ... }:
 {
-  imports = [
+  config,
  pkgs,
  user,
  agenix,
  impermanence,
  ...
 }: {
  imports =
    [
      ./hardware-configuration.nix
      ../../modules/server
-  ] ++ (import ../../modules/services/kubemaster);
+    ]
    ++ (import ../../modules/services/kubemaster);
  # ── Server module options ───────────────────────────────────────────────
  myServer.virtualisation.enable = true;
--- a/hosts/kubemaster-1/hardware-configuration.nix
+++ b/hosts/kubemaster-1/hardware-configuration.nix
@@ -10,11 +10,15 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
-  imports =
+  config,
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+  lib,
  pkgs,
  modulesPath,
  ...
 }: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod"];
@@ -33,44 +37,44 @@
    ];
  };
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
  };
-  fileSystems."/home" =
+  fileSystems."/home" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
  };
-  fileSystems."/srv" =
+  fileSystems."/srv" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
  };
-  fileSystems."/var" =
+  fileSystems."/var" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async"];
  };
-  fileSystems."/nix" =
+  fileSystems."/nix" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
  };
-  fileSystems."/swap" =
+  fileSystems."/swap" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
  };
-  fileSystems."/mnt/snapshots/root" =
+  fileSystems."/mnt/snapshots/root" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
  };
@@ -113,5 +117,4 @@
    '';
  };
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
--- a/hosts/kubemaster-1/home.nix
+++ b/hosts/kubemaster-1/home.nix
@@ -10,16 +10,13 @@
 #           └─ ./hyprland
 #              └─ hyprland.nix
 #
-
+{pkgs, ...}: {
-{ pkgs, ... }:
+  imports = [
 {
  imports =
    [
    ../../modules/home.nix # Window Manager
  ];
-  home = {                                # Specific packages for laptop
+  home = {
    # Specific packages for laptop
    packages = with pkgs; [
      # Applications
@@ -32,5 +29,4 @@
  programs = {
    alacritty.settings.font.size = 11;
  };
 }
--- a/hosts/lifebook/default.nix
+++ b/hosts/lifebook/default.nix
@@ -1,10 +1,12 @@
 #
 #  Lifebook laptop — system configuration
 #
 { lib, pkgs, user, ... }:
 {
  lib,
  pkgs,
  user,
  ...
 }: {
  imports = [
    ./hardware-configuration.nix
    ../../modules/desktop
--- a/hosts/lifebook/hardware-configuration.nix
+++ b/hosts/lifebook/hardware-configuration.nix
@@ -10,12 +10,16 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }: {
  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")] ++
+    [(modulesPath + "/installer/scan/not-detected.nix")]
-      [( import ../../modules/hardware/backup.nix )];
+    ++ [(import ../../modules/hardware/backup.nix)];
  boot = {
    initrd = {
@@ -43,7 +47,6 @@
  zramSwap.enable = true;
  services = {
    btrfs.autoScrub = {
      enable = true;
@@ -154,76 +157,73 @@
    };
  };
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/mapper/crypted";
+    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
  };
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-label/NIXBOOT";
+    device = "/dev/disk/by-label/NIXBOOT";
    fsType = "vfat";
  };
-  fileSystems."/home" =
+  fileSystems."/home" = {
-    { device = "/dev/mapper/crypted";
+    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
  };
-  fileSystems."/nix" =
+  fileSystems."/nix" = {
-    { device = "/dev/mapper/crypted";
+    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
  };
-  fileSystems."/srv" =
+  fileSystems."/srv" = {
-    { device = "/dev/mapper/crypted";
+    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
  };
-  fileSystems."/swap" =
+  fileSystems."/swap" = {
-    { device = "/dev/mapper/crypted";
+    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
  };
-  fileSystems."/opt" =
+  fileSystems."/opt" = {
-    { device = "/dev/mapper/crypted";
+    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async"];
  };
-  fileSystems."/var" =
+  fileSystems."/var" = {
-    { device = "/dev/mapper/crypted";
+    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async"];
  };
-  fileSystems."/mnt/snapshots/root" =
+  fileSystems."/mnt/snapshots/root" = {
-    { device = "/dev/mapper/crypted";
+    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
  };
-
+  fileSystems."/mnt/Pluto" = {
-  fileSystems."/mnt/Pluto" =
+    device = "jupiter.home.opel-online.de:/Pluto";
    { device = "jupiter.home.opel-online.de:/Pluto";
    fsType = "nfs";
    options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
  };
-  fileSystems."/mnt/Mars" =
+  fileSystems."/mnt/Mars" = {
-    { device = "jupiter.home.opel-online.de:/Mars";
+    device = "jupiter.home.opel-online.de:/Mars";
    fsType = "nfs";
    options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
  };
  swapDevices = [{device = "/swap/swapfile";}];
  networking = {
    useDHCP = false; # Deprecated
    hostName = "lifebook";
--- a/hosts/lifebook/home.nix
+++ b/hosts/lifebook/home.nix
@@ -2,10 +2,7 @@
 #  Lifebook laptop — home-manager host-specific additions
 #  (WM home config is loaded by modules/desktop based on myDesktop.windowManager)
 #
-
+{pkgs, ...}: {
 { pkgs, ... }:
 {
  imports = [
    ../../modules/home.nix # cmds / theme options
  ];
--- a/hosts/nasbackup/default.nix
+++ b/hosts/nasbackup/default.nix
@@ -1,14 +1,18 @@
 #
 #  Nasbak — NAS backup server configuration
 #
 { config, pkgs, user, ... }:
 {
-  imports = [
+  config,
  pkgs,
  user,
  ...
 }: {
  imports =
    [
      ./hardware-configuration.nix
      ../../modules/server
-  ] ++ (import ../../modules/services/nasbackup);
+    ]
    ++ (import ../../modules/services/nasbackup);
  # ── Server module options ───────────────────────────────────────────────
  # No virtualisation on the backup NAS
--- a/hosts/nasbackup/hardware-configuration.nix
+++ b/hosts/nasbackup/hardware-configuration.nix
@@ -1,4 +1,3 @@
 # Hardware settings for Teclast F5 10" Laptop
 # NixOS @ sda2
 #
@@ -10,11 +9,15 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
-  imports =
+  config,
-    [ (modulesPath + "/profiles/qemu-guest.nix")
+  lib,
  pkgs,
  modulesPath,
  ...
 }: {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];
  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"];
@@ -139,39 +142,38 @@
    };
  };
-
+  fileSystems."/" = {
-  fileSystems."/" =
+    device = "/dev/disk/by-label/NIXROOT";
    { device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
  };
-  fileSystems."/home" =
+  fileSystems."/home" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
  };
-  fileSystems."/srv" =
+  fileSystems."/srv" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
  };
-  fileSystems."/nix" =
+  fileSystems."/nix" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
  };
-  fileSystems."/swap" =
+  fileSystems."/swap" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
  };
-  fileSystems."/mnt/snapshots/root" =
+  fileSystems."/mnt/snapshots/root" = {
-    { device = "/dev/disk/by-label/NIXROOT";
+    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
  };
@@ -182,14 +184,14 @@
  #      options = [ "compress=zstd,space_cache=v2,noatime,subvolid=5" ];
  #    };
  #
-  fileSystems."/mnt/nas" =
+  fileSystems."/mnt/nas" = {
-    { device = "/dev/disk/by-uuid/70523c79-ef5c-40f2-8782-60fc86bb445b";
+    device = "/dev/disk/by-uuid/70523c79-ef5c-40f2-8782-60fc86bb445b";
    fsType = "btrfs";
    options = ["compress=zstd:9,space_cache=v2,noatime,subvol=@nasbak"];
  };
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-label/NIXBOOT";
+    device = "/dev/disk/by-label/NIXBOOT";
    fsType = "vfat";
  };
@@ -229,5 +231,4 @@
    #      ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2
    #    '';
  };
 }
--- a/hosts/nasbackup/home.nix
+++ b/hosts/nasbackup/home.nix
@@ -10,16 +10,13 @@
 #           └─ ./hyprland
 #              └─ hyprland.nix
 #
-
+{pkgs, ...}: {
-{ pkgs, ... }:
+  imports = [
 {
  imports =
    [
    ../../modules/home.nix # Window Manager
  ];
-  home = {                                # Specific packages for laptop
+  home = {
    # Specific packages for laptop
    packages = with pkgs; [
      # Applications
@@ -32,5 +29,4 @@
  programs = {
    alacritty.settings.font.size = 11;
  };
 }
--- a/hosts/nbf5/default.nix
+++ b/hosts/nbf5/default.nix
@@ -16,23 +16,32 @@
 #       └─ ./hardware
 #           └─ default.nix
 #
 { config, pkgs, user, ... }:
 {
-  imports =                                                         # For now, if applying to other system, swap files
+  config,
-    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+  pkgs,
  user,
  ...
 }: {
  imports =
    # For now, if applying to other system, swap files
    [(import ./hardware-configuration.nix)]
    ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
    #[(import ../../modules/wm/hyprland/default.nix)] ++        # Window Manager
    # [(import ../../modules/wm/sway/default.nix)] ++        # Window Manager
-    [(import ../../modules/wm/virtualisation/docker.nix)] ++   # Docker
+    [(import ../../modules/wm/virtualisation/docker.nix)]
-    [(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++   # kvm module options
+    ++ # Docker
-    (import ../../modules/hardware) ++
+    [(import ../../modules/wm/virtualisation/kvm-intel.nix)]
-    (import ../../modules/services/printer);                                # Hardware devices
+    ++ # kvm module options
    (import ../../modules/hardware)
    ++ (import ../../modules/services/printer); # Hardware devices
-  boot = {                                  # Boot options
+  boot = {
    # Boot options
    kernelPackages = pkgs.linuxPackages_latest;
-    loader = {                              # EFI Boot
+    loader = {
      # EFI Boot
      systemd-boot.enable = true;
      efi = {
        canTouchEfiVariables = true;
@@ -48,7 +57,8 @@
    ];
  };
-  programs = {                              # No xbacklight, this is the alterantive
+  programs = {
    # No xbacklight, this is the alterantive
    light.enable = true;
  };
@@ -63,10 +73,12 @@
    logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed
    #auto-cpufreq.enable = true;
    blueman.enable = true;
-    avahi = {                               # Needed to find wireless printer
+    avahi = {
      # Needed to find wireless printer
      enable = true;
      nssmdns4 = true;
-      publish = {                           # Needed for detecting the scanner
+      publish = {
        # Needed for detecting the scanner
        enable = true;
        addresses = true;
        userServices = true;
--- a/hosts/nbf5/hardware-configuration.nix
+++ b/hosts/nbf5/hardware-configuration.nix
@@ -10,11 +10,15 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
-  imports =
+  config,
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+  lib,
  pkgs,
  modulesPath,
  ...
 }: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  boot = {
@@ -74,63 +78,61 @@
    };
  };
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/mapper/root";
+    device = "/dev/mapper/root";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
  };
-  fileSystems."/home" =
+  fileSystems."/home" = {
-    { device = "/dev/mapper/root";
+    device = "/dev/mapper/root";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
  };
-  fileSystems."/srv" =
+  fileSystems."/srv" = {
-    { device = "/dev/mapper/root";
+    device = "/dev/mapper/root";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
  };
-  fileSystems."/opt" =
+  fileSystems."/opt" = {
-    { device = "/dev/mapper/root";
+    device = "/dev/mapper/root";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async"];
  };
-  fileSystems."/nix" =
+  fileSystems."/nix" = {
-    { device = "/dev/mapper/root";
+    device = "/dev/mapper/root";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
  };
-  fileSystems."/mnt/snapshots/root" =
+  fileSystems."/mnt/snapshots/root" = {
-    { device = "/dev/mapper/root";
+    device = "/dev/mapper/root";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
  };
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-label/BOOT";
+    device = "/dev/disk/by-label/BOOT";
    fsType = "vfat";
  };
-  fileSystems."/mnt/Pluto" =
+  fileSystems."/mnt/Pluto" = {
-    { device = "jupiter:/Pluto";
+    device = "jupiter:/Pluto";
    fsType = "nfs";
    options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
  };
-  fileSystems."/mnt/Mars" =
+  fileSystems."/mnt/Mars" = {
-    { device = "jupiter:/Mars";
+    device = "jupiter:/Mars";
    fsType = "nfs";
    options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
  };
  swapDevices = [];
  networking = {
    useDHCP = false; # Deprecated
    hostName = "nbf5";
--- a/hosts/nbf5/home.nix
+++ b/hosts/nbf5/home.nix
@@ -10,18 +10,15 @@
 #           └─ ./hyprland
 #              └─ hyprland.nix
 #
-
+{pkgs, ...}: {
-{ pkgs, ... }:
+  imports = [
 {
  imports =
    [
    #../../modules/wm/hyprland/home.nix # Window Manager
    #../../modules/wm/sway/home.nix # Window Manager
    ../../modules/home.nix # Window Manager
  ];
-  home = {                                # Specific packages for laptop
+  home = {
    # Specific packages for laptop
    packages = with pkgs; [
      # Applications
      firefox
@@ -41,11 +38,11 @@
    alacritty.settings.font.size = 11;
  };
-  services = {                            # Applets
+  services = {
    # Applets
    blueman-applet.enable = true; # Bluetooth
    network-manager-applet.enable = true; # Network
  };
  xsession.preferStatusNotifierItems = true;
 }
--- a/hosts/steamdeck/default.nix
+++ b/hosts/steamdeck/default.nix
@@ -1,10 +1,13 @@
 #
 #  Steamdeck — system configuration
 #
 { lib, pkgs, user, jovian-nixos, ... }:
 {
  lib,
  pkgs,
  user,
  jovian-nixos,
  ...
 }: {
  imports = [
    ./hardware-configuration.nix
    ../../modules/desktop
--- a/hosts/steamdeck/hardware-configuration.nix
+++ b/hosts/steamdeck/hardware-configuration.nix
@@ -10,11 +10,15 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
-  imports =
+  config,
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+  lib,
  pkgs,
  modulesPath,
  ...
 }: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  boot = {
@@ -111,49 +115,49 @@
  #      };
  #  };
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/mapper/crypted";
+    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
  };
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-label/NIXBOOT";
+    device = "/dev/disk/by-label/NIXBOOT";
    fsType = "vfat";
  };
-  fileSystems."/home" =
+  fileSystems."/home" = {
-    { device = "/dev/mapper/crypted";
+    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
  };
-  fileSystems."/nix" =
+  fileSystems."/nix" = {
-    { device = "/dev/mapper/crypted";
+    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
  };
-  fileSystems."/srv" =
+  fileSystems."/srv" = {
-    { device = "/dev/mapper/crypted";
+    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
  };
-  fileSystems."/swap" =
+  fileSystems."/swap" = {
-    { device = "/dev/mapper/crypted";
+    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
  };
-  fileSystems."/opt" =
+  fileSystems."/opt" = {
-    { device = "/dev/mapper/crypted";
+    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async"];
  };
-  fileSystems."/mnt/snapshots/root" =
+  fileSystems."/mnt/snapshots/root" = {
-    { device = "/dev/mapper/crypted";
+    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
  };
@@ -164,22 +168,20 @@
  #      options = [ "nofail,noauto,users,x-systemd.automount" ];
  #    };
-  fileSystems."/mnt/Pluto" =
+  fileSystems."/mnt/Pluto" = {
-    { device = "jupiter:/Pluto";
+    device = "jupiter:/Pluto";
    fsType = "nfs";
    options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
  };
-  fileSystems."/mnt/Mars" =
+  fileSystems."/mnt/Mars" = {
-    { device = "jupiter:/Mars";
+    device = "jupiter:/Mars";
    fsType = "nfs";
    options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
  };
  swapDevices = [{device = "/swap/swapfile";}];
  networking = {
    useDHCP = false; # Deprecated
    hostName = "steamdeck";
--- a/hosts/steamdeck/home.nix
+++ b/hosts/steamdeck/home.nix
@@ -1,10 +1,7 @@
 #
 #  Home-manager configuration for steamdeck
 #
-
+{pkgs, ...}: {
 { pkgs, ... }:
 {
  specialisation = {
    sway.configuration = {
      imports = [(import ../../modules/wm/sway/home.nix)];
@@ -12,8 +9,8 @@
  };
  imports =
-    [ (import ../../modules/home.nix) ] ++
+    [(import ../../modules/home.nix)]
-    [ (import ../../modules/wm/steam/home.nix) ];
+    ++ [(import ../../modules/wm/steam/home.nix)];
  home = {
    packages = with pkgs; [
--- a/hosts/vm/hardware-configuration.nix
+++ b/hosts/vm/hardware-configuration.nix
@@ -1,11 +1,15 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
-  imports =
+  config,
-    [ (modulesPath + "/profiles/qemu-guest.nix")
+  lib,
  pkgs,
  modulesPath,
  ...
 }: {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];
  boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk"];
@@ -13,8 +17,8 @@
  boot.kernelModules = ["kvm-intel"];
  boot.extraModulePackages = [];
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-label/nixos";
+    device = "/dev/disk/by-label/nixos";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime"];
  };
@@ -25,8 +29,8 @@
  #      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home" ];
  #    };
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-label/BOOT";
+    device = "/dev/disk/by-label/BOOT";
    fsType = "vfat";
  };
--- a/modules/desktop/default.nix
+++ b/modules/desktop/default.nix
@@ -28,20 +28,22 @@
 #
 #    myDesktop.extraSystemPackages = with pkgs; [ some-tool ];
 #
 { config, lib, pkgs, inputs, user, ... }:
 let
  cfg = config.myDesktop;
 in
 {
  config,
  lib,
  pkgs,
  inputs,
  user,
  ...
 }: let
  cfg = config.myDesktop;
 in {
  # Hardware modules that are always useful on desktops (bluetooth, …)
-  imports = (import ../hardware);
+  imports = import ../hardware;
  # ── Options ──────────────────────────────────────────────────────────────
  options.myDesktop = with lib; {
    windowManager = mkOption {
      type = types.enum ["niri" "sway" "kde"];
      default = "niri";
@@ -62,14 +64,16 @@ in
      devices = mkOption {
        type = types.attrs;
        default = {};
-        example = literalExpression
+        example =
          literalExpression
          ''{ "jupiter.home.example.de" = { id = "XXXXX-XXXXX-XXXXX-..."; }; }'';
        description = "Syncthing peer devices.";
      };
      folders = mkOption {
        type = types.attrs;
        default = {};
-        example = literalExpression
+        example =
          literalExpression
          ''{ "Sync" = { path = "/home/user/Sync"; devices = [ "jupiter" ]; ignorePerms = false; }; }'';
        description = "Syncthing shared folders.";
      };
@@ -122,15 +126,23 @@ in
  # ── Configuration ────────────────────────────────────────────────────────
  config = lib.mkMerge [
    # ── Base desktop config (replaces configuration_desktop.nix) ───────────
    {
      users.users.${user} = {
        isNormalUser = true;
        uid = 2000;
        extraGroups = [
-          "wheel" "video" "audio" "camera" "networkmanager"
+          "wheel"
-          "lp" "kvm" "libvirtd" "adb" "dialout" "tss"
+          "video"
          "audio"
          "camera"
          "networkmanager"
          "lp"
          "kvm"
          "libvirtd"
          "adb"
          "dialout"
          "tss"
        ];
      };
@@ -228,8 +240,7 @@ in
        greetd = {
          enable = true;
          useTextGreeter = true;
-          settings.default_session.command =
+          settings.default_session.command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd niri-session";
            "${pkgs.tuigreet}/bin/tuigreet --time --cmd niri-session";
        };
        tuned.enable = true;
        upower.enable = true;
@@ -238,8 +249,7 @@ in
      programs = {
        niri.enable = true;
        ssh.enableAskPassword = true;
-        ssh.askPassword        =
+        ssh.askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
          "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
      };
      # Noctalia shell + niri home config via home-manager
@@ -271,26 +281,49 @@ in
                showCapsule = false;
                widgets = {
                  left = [
-                    { id = "ControlCenter"; useDistroLogo = true; }
+                    {
-                    { hideUnoccupied = false; id = "Workspace";
+                      id = "ControlCenter";
-                      labelMode = "index"; showApplications = true; }
+                      useDistroLogo = true;
                    }
                    {
                      hideUnoccupied = false;
                      id = "Workspace";
                      labelMode = "index";
                      showApplications = true;
                    }
                    {id = "ActiveWindow";}
                  ];
                  center = [
-                    { formatHorizontal   = "HH:mm\\ndd-MM-yy";
+                    {
                      formatHorizontal = "HH:mm\\ndd-MM-yy";
                      formatVertical = "HH mm";
                      id = "Clock";
                      useMonospacedFont = true;
-                      usePrimaryColor    = true; }
+                      usePrimaryColor = true;
                    }
                  ];
                  right = [
                    {id = "MediaMini";}
-                    { id = "SystemMonitor"; showNetworkStats = true; compactMode = false; }
+                    {
                      id = "SystemMonitor";
                      showNetworkStats = true;
                      compactMode = false;
                    }
                    {id = "WiFi";}
                    {id = "Bluetooth";}
-                    { id = "Battery"; displayMode = "icon-always"; hideIfNotDetected = true; }
+                    {
-                    { id = "Volume"; displayMode = "alwaysShow"; }
+                      id = "Battery";
-                    { id = "NotificationHistory"; hideWhenZero = true; }
+                      displayMode = "icon-always";
                      hideIfNotDetected = true;
                    }
                    {
                      id = "Volume";
                      displayMode = "alwaysShow";
                    }
                    {
                      id = "NotificationHistory";
                      hideWhenZero = true;
                    }
                    {id = "Tray";}
                  ];
                };
@@ -390,8 +423,7 @@ in
          '';
        };
        ssh.enableAskPassword = true;
-        ssh.askPassword       =
+        ssh.askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
          "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
      };
      xdg.portal = {
@@ -507,8 +539,7 @@ in
    # ── Laptop ─────────────────────────────────────────────────────────────
    (lib.mkIf cfg.laptop.enable {
-      systemd.sleep.extraConfig =
+      systemd.sleep.extraConfig = "HibernateDelaySec=${cfg.laptop.hibernateDelaySec}";
        "HibernateDelaySec=${cfg.laptop.hibernateDelaySec}";
      services.logind.settings.Login.HandleLidSwitch =
        cfg.laptop.lidSwitch;
    })
@@ -517,6 +548,5 @@ in
    (lib.mkIf cfg.nitrokey.enable {
      hardware.nitrokey.enable = true;
    })
  ];
 }
--- a/modules/editors/default.nix
+++ b/modules/editors/default.nix
@@ -9,7 +9,6 @@
 #           └─ default.nix *
 #               └─ ...
 #
 [
  ./nvim
 ]
--- a/modules/editors/nvim/config/default.nix
+++ b/modules/editors/nvim/config/default.nix
@@ -1,5 +1,4 @@
-{ nvim, ... }:
+{nvim, ...}: {
 {
  # Import all your configuration modules here
  programs.nixvim = {
    enable = true;
--- a/modules/editors/nvim/default.nix
+++ b/modules/editors/nvim/default.nix
@@ -1,11 +1,7 @@
 #
 # Neovim
 #
-
+{pkgs, ...}: {
 { pkgs, ... }:
 {
  home = {
    packages = [pkgs.gnvim];
  };
@@ -161,4 +157,3 @@
    };
  };
 }
--- a/modules/hardware/backup.nix
+++ b/modules/hardware/backup.nix
@@ -1,8 +1,9 @@
 { config, lib, pkgs, ... }:
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  services.btrbk = {
    sshAccess = [
      {
--- a/modules/hardware/bluetooth.nix
+++ b/modules/hardware/bluetooth.nix
@@ -1,10 +1,7 @@
 #
 # Bluetooth
 #
-
+{pkgs, ...}: {
 { pkgs, ... }:
 {
  hardware.bluetooth = {
    enable = true;
    hsphfpd.enable = false; # HSP & HFP daemon
--- a/modules/hardware/hydraCache.nix
+++ b/modules/hardware/hydraCache.nix
@@ -1,7 +1,9 @@
 { config, lib, pkgs, ... }:
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  nix = {
    settings = {
      extra-trusted-public-keys = [
@@ -15,5 +17,4 @@
      ];
    };
  };
 }
--- a/modules/hardware/remoteBuilder.nix
+++ b/modules/hardware/remoteBuilder.nix
@@ -1,7 +1,10 @@
 { pkgs, config, ... }:
 {
-  users.users.nixremote = {                   # System User
+  pkgs,
  config,
  ...
 }: {
  users.users.nixremote = {
    # System User
    isSystemUser = true;
    group = "nixremote";
    extraGroups = ["kvm"];
--- a/modules/hardware/remoteClient.nix
+++ b/modules/hardware/remoteClient.nix
@@ -1,10 +1,13 @@
 { config, lib, pkgs, ... }:
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  nix = {
    distributedBuilds = false;
-    buildMachines = [ {
+    buildMachines = [
      {
        hostName = "hades";
        system = "x86_64-linux";
        supportedFeatures = ["kvm" "big-parallel"];
@@ -14,7 +17,8 @@
        speedFactor = 4;
        publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%";
        protocol = "ssh-ng";
-    } ];
+      }
    ];
    settings = {
      extra-trusted-public-keys = [
        "hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII="
--- a/modules/home.nix
+++ b/modules/home.nix
@@ -1,31 +1,75 @@
 { lib, options, ... }:
 {
  lib,
  options,
  ...
 }: {
  options = with lib; {
    cmds = {
-      shell = mkOption { type = types.str; default = "zsh"; };
+      shell = mkOption {
-      fetch = mkOption { type = types.str; default = "hyfetch"; };
+        type = types.str;
-      editor = mkOption { type = types.str; default = "nvim"; };
+        default = "zsh";
      };
      fetch = mkOption {
        type = types.str;
        default = "hyfetch";
      };
      editor = mkOption {
        type = types.str;
        default = "nvim";
      };
-      wm = mkOption { type = types.str; default = "sway"; };
+      wm = mkOption {
        type = types.str;
        default = "sway";
      };
-      terminal = mkOption { type = types.str; default = "alacritty"; };
+      terminal = mkOption {
-      menu = mkOption { type = types.str; default = "rofi -show drun -show-icons"; };
+        type = types.str;
        default = "alacritty";
      };
      menu = mkOption {
        type = types.str;
        default = "rofi -show drun -show-icons";
      };
-      lock = mkOption { type = types.str; default = "locksway"; };
+      lock = mkOption {
        type = types.str;
        default = "locksway";
      };
      notifications = {
-        volume = mkOption { type = types.str; default = "volume-notify"; };
+        volume = mkOption {
-        brightness = mkOption { type = types.str; default = "brightness-notify"; };
+          type = types.str;
          default = "volume-notify";
        };
        brightness = mkOption {
          type = types.str;
          default = "brightness-notify";
        };
      };
    };
-    is-wayland = mkOption { type = types.bool; default = true; };
+    is-wayland = mkOption {
      type = types.bool;
      default = true;
    };
    theme = {
-      theme = mkOption { type = types.str; default = "catppuccin-mocha"; };
+      theme = mkOption {
-      icon-theme = mkOption { type = types.str; default = "Papirus-Dark"; };
+        type = types.str;
-      font = mkOption { type = types.str; default = "Cascadia Code 11"; };
+        default = "catppuccin-mocha";
-      wallpaper = mkOption { type = types.str; default = ""; };
+      };
      icon-theme = mkOption {
        type = types.str;
        default = "Papirus-Dark";
      };
      font = mkOption {
        type = types.str;
        default = "Cascadia Code 11";
      };
      wallpaper = mkOption {
        type = types.str;
        default = "";
      };
    };
  };
 }
--- a/modules/kabbone/corosync-qdevice.nix
+++ b/modules/kabbone/corosync-qdevice.nix
@@ -4,12 +4,10 @@
  pkgs,
  pkgs-kabbone,
  ...
-}:
+}: let
 let
  cfg = config.services.corosync-qnetd;
  dataDir = "/var/run/corosync-qnetd";
-in
+in {
 {
  # interface
  options.services.corosync-qnetd = {
    enable = lib.mkEnableOption "corosync-qnetd";
@@ -45,7 +43,6 @@ in
    #     transport: knet
    #   }
    #   logging {
    #     to_syslog: yes
    #   }
--- a/modules/kabbone/mautrix-whatsapp.nix
+++ b/modules/kabbone/mautrix-whatsapp.nix
@@ -3,8 +3,7 @@
  config,
  pkgs,
  ...
-}:
+}: let
 let
  cfg = config.services.kabbone_mautrix-whatsapp;
  dataDir = "/var/lib/mautrix-whatsapp";
  registrationFile = "${dataDir}/whatsapp-registration.yaml";
@@ -66,9 +65,7 @@ let
      };
    };
  };
-
+in {
 in
 {
  options.services.kabbone_mautrix-whatsapp = {
    enable = lib.mkEnableOption "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge";
@@ -159,7 +156,6 @@ in
  };
  config = lib.mkIf cfg.enable {
    users.users.mautrix-whatsapp = {
      isSystemUser = true;
      group = "mautrix-whatsapp";
@@ -178,8 +174,7 @@ in
    # Note: this is defined here to avoid the docs depending on `config`
    services.kabbone_mautrix-whatsapp.settings.homeserver = optOneOf (
-      with config.services;
+      with config.services; [
      [
        (lib.mkIf matrix-synapse.enable (mkDefaults {
          domain = matrix-synapse.settings.server_name;
        }))
--- a/modules/programs/configs/default.nix
+++ b/modules/programs/configs/default.nix
@@ -9,7 +9,6 @@
 #           └─ default.nix *
 #               └─ ...
 #
 [
  ./mpv.nix
 ]
--- a/modules/programs/configs/mpv.nix
+++ b/modules/programs/configs/mpv.nix
@@ -9,10 +9,7 @@
 #           └─ ./configs
 #               └─ mpv.nix *
 #
-
+{pkgs, ...}: {
 { pkgs, ... }:
 {
  home.file = {
    ".config/mpv/mpv.conf".text = ''
      hwdec=vaapi
--- a/modules/programs/firefox.nix
+++ b/modules/programs/firefox.nix
@@ -1,12 +1,11 @@
 #
 # Firefox Brower Emulator
 #
 { pkgs, config, ... }:
 {
-
+  pkgs,
  config,
  ...
 }: {
  #home.packages = [ pkgs.firefox-wayland ];
  programs = {
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@@ -16,17 +16,18 @@
 #
 #    myServer.extraSystemPackages   = with pkgs; [ some-tool ];
 #
 { config, lib, pkgs, user, ... }:
 let
  cfg = config.myServer;
 in
 {
  config,
  lib,
  pkgs,
  user,
  ...
 }: let
  cfg = config.myServer;
 in {
  # ── Options ──────────────────────────────────────────────────────────────
  options.myServer = with lib; {
    uid = mkOption {
      type = types.int;
      default = 3000;
@@ -75,13 +76,11 @@ in
    fail2ban = {
      enable = mkEnableOption "fail2ban intrusion prevention";
    };
  };
  # ── Configuration ────────────────────────────────────────────────────────
  config = lib.mkMerge [
    # ── Base server config ────────────────────────────────────────────────
    {
      users.users.${user} = {
@@ -92,11 +91,13 @@ in
      security.sudo.wheelNeedsPassword = cfg.sudoRequiresPassword;
-      environment.systemPackages = with pkgs; [
+      environment.systemPackages = with pkgs;
        [
          ffmpeg
          smartmontools
          htop
-      ] ++ cfg.extraSystemPackages;
+        ]
        ++ cfg.extraSystemPackages;
      services.openssh = {
        ports = [cfg.sshPort];
@@ -146,6 +147,5 @@ in
        jails.DEFAULT.settings.findtime = "15m";
      };
    })
  ];
 }
--- a/modules/services/dmz/default.nix
+++ b/modules/services/dmz/default.nix
@@ -9,11 +9,10 @@
 #           └─ default.nix *
 #               └─ ...
 #
 [
  ./microvm.nix
  #  ./hydra.nix
 ]
 # picom, polybar and sxhkd are pulled from desktop module
 # redshift temporarely disables
--- a/modules/services/dmz/gitea_runner.nix
+++ b/modules/services/dmz/gitea_runner.nix
@@ -1,6 +1,9 @@
 { lib, config, pkgs, ... }:
 {
  lib,
  config,
  pkgs,
  ...
 }: {
  virtualisation = {
    podman = {
      enable = true;
--- a/modules/services/dmz/hydra.nix
+++ b/modules/services/dmz/hydra.nix
@@ -1,6 +1,9 @@
 { lib, config, pkgs, ... }:
 {
  lib,
  config,
  pkgs,
  ...
 }: {
  services = {
    hydra = {
      enable = true;
@@ -86,6 +89,4 @@
    file = ../../../secrets/services/acme/opel-online.age;
    owner = "acme";
  };
 }
--- a/modules/services/dmz/microvm.nix
+++ b/modules/services/dmz/microvm.nix
@@ -1,22 +1,28 @@
 { config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
 let
  name = "gitea-runner";
 in
 {
  config,
  microvm,
  lib,
  pkgs,
  user,
  agenix,
  impermanence,
  ...
 }: let
  name = "gitea-runner";
 in {
  microvm = {
    autostart = [
      name
    ];
    vms = {
      ${name} = {
        inherit pkgs;
        config = {
          imports =
-            [ agenix.nixosModules.default ] ++
+            [agenix.nixosModules.default]
-            [ impermanence.nixosModules.impermanence ] ++
+            ++ [impermanence.nixosModules.impermanence]
-            [( ./gitea_runner.nix )];
+            ++ [(./gitea_runner.nix)];
          networking = {
            hostName = "${name}";
@@ -40,7 +46,8 @@ in
            };
          };
-          users.users.${user} = {                   # System User
+          users.users.${user} = {
            # System User
            isNormalUser = true;
            extraGroups = ["wheel"];
            uid = 2000;
@@ -64,14 +71,16 @@ in
                  path = "/persist/etc/ssh/ssh_host_rsa_key";
                  type = "rsa";
                  bits = 4096;
-              }];
+                }
              ];
            };
          };
          fileSystems."/persist".neededForBoot = lib.mkForce true;
          environment = {
-            systemPackages = with pkgs; [           # Default packages install system-wide
+            systemPackages = with pkgs; [
              # Default packages install system-wide
              bash
              coreutils
              curl
@@ -108,8 +117,10 @@ in
                  link = "ens18";
                  mode = "bridge";
                };
-            } ];
+              }
-             shares = [{
+            ];
            shares = [
              {
                source = "/nix/store";
                mountPoint = "/nix/.ro-store";
                tag = "ro-store";
@@ -120,7 +131,8 @@ in
                mountPoint = "/persist";
                tag = "persist";
                proto = "virtiofs";
-            }];
+              }
            ];
            #writableStoreOverlay = "/nix/.rw-store";
            #storeOnDisk = true;
          };
--- a/modules/services/kabtopci/default.nix
+++ b/modules/services/kabtopci/default.nix
@@ -9,11 +9,10 @@
 #           └─ default.nix *
 #               └─ ...
 #
 [
  #  ./microvm.nix
  ./hydra.nix
 ]
 # picom, polybar and sxhkd are pulled from desktop module
 # redshift temporarely disables
--- a/modules/services/kabtopci/gitea_runner.nix
+++ b/modules/services/kabtopci/gitea_runner.nix
@@ -1,6 +1,9 @@
 { lib, config, pkgs, ... }:
 {
  lib,
  config,
  pkgs,
  ...
 }: {
  virtualisation = {
    podman = {
      enable = true;
--- a/modules/services/kabtopci/hydra.nix
+++ b/modules/services/kabtopci/hydra.nix
@@ -1,6 +1,9 @@
 { lib, config, pkgs, ... }:
 {
  lib,
  config,
  pkgs,
  ...
 }: {
  services = {
    hydra = {
      enable = true;
@@ -78,5 +81,4 @@
    file = ../../../secrets/keys/nixservepriv.age;
    owner = "hydra";
  };
 }
--- a/modules/services/kabtopci/microvm.nix
+++ b/modules/services/kabtopci/microvm.nix
@@ -1,22 +1,28 @@
 { config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
 let
  name = "gitea-runner";
 in
 {
  config,
  microvm,
  lib,
  pkgs,
  user,
  agenix,
  impermanence,
  ...
 }: let
  name = "gitea-runner";
 in {
  microvm = {
    autostart = [
      name
    ];
    vms = {
      ${name} = {
        inherit pkgs;
        config = {
          imports =
-            [ agenix.nixosModules.default ] ++
+            [agenix.nixosModules.default]
-            [ impermanence.nixosModules.impermanence ] ++
+            ++ [impermanence.nixosModules.impermanence]
-            [( ./gitea_runner.nix )];
+            ++ [(./gitea_runner.nix)];
          networking = {
            hostName = "${name}";
@@ -40,7 +46,8 @@ in
            };
          };
-          users.users.${user} = {                   # System User
+          users.users.${user} = {
            # System User
            isNormalUser = true;
            extraGroups = ["wheel"];
            uid = 2000;
@@ -64,14 +71,16 @@ in
                  path = "/persist/etc/ssh/ssh_host_rsa_key";
                  type = "rsa";
                  bits = 4096;
-              }];
+                }
              ];
            };
          };
          fileSystems."/persist".neededForBoot = lib.mkForce true;
          environment = {
-            systemPackages = with pkgs; [           # Default packages install system-wide
+            systemPackages = with pkgs; [
              # Default packages install system-wide
              bash
              coreutils
              curl
@@ -104,8 +113,10 @@ in
                type = "user";
                id = "vm-${name}";
                mac = "04:00:00:00:00:02";
-            } ];
+              }
-             shares = [{
+            ];
            shares = [
              {
                source = "/nix/store";
                mountPoint = "/nix/.ro-store";
                tag = "ro-store";
@@ -116,7 +127,8 @@ in
                mountPoint = "/persist";
                tag = "persist";
                proto = "virtiofs";
-            }];
+              }
            ];
            #writableStoreOverlay = "/nix/.rw-store";
            #storeOnDisk = true;
          };
--- a/modules/services/keyring.nix
+++ b/modules/services/keyring.nix
@@ -1,11 +1,13 @@
 #
 # Screenshots
 #
 { pkgs, user, ... }:
 {
-  services = {                                    # sxhkd shortcut = Printscreen button (Print)
+  pkgs,
  user,
  ...
 }: {
  services = {
    # sxhkd shortcut = Printscreen button (Print)
    gnome-keyring = {
      enable = true;
    };
--- a/modules/services/kubemaster/default.nix
+++ b/modules/services/kubemaster/default.nix
@@ -9,11 +9,10 @@
 #           └─ default.nix *
 #               └─ ...
 #
 [
  #  ./microvm.nix
  #  ./hydra.nix
 ]
 # picom, polybar and sxhkd are pulled from desktop module
 # redshift temporarely disables
--- a/modules/services/nas/default.nix
+++ b/modules/services/nas/default.nix
@@ -9,7 +9,6 @@
 #           └─ default.nix *
 #               └─ ...
 #
 [
  ./nfs.nix
  ./nginx.nix
@@ -17,6 +16,6 @@
  ./syncthing.nix
  ./paperless.nix
 ]
 # picom, polybar and sxhkd are pulled from desktop module
 # redshift temporarely disables
--- a/modules/services/nas/nfs.nix
+++ b/modules/services/nas/nfs.nix
@@ -1,4 +1,9 @@
-{config, pkgs, lib, ...}: {
+{
  config,
  pkgs,
  lib,
  ...
 }: {
  # enable nfs
  services.nfs.server = rec {
    enable = true;
--- a/modules/services/nas/nginx.nix
+++ b/modules/services/nas/nginx.nix
@@ -1,10 +1,12 @@
 #
 # System notifications
 #
 { config, lib, pkgs, ... }:
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
@@ -57,7 +59,6 @@
    };
  };
  security.acme = {
    acceptTerms = true;
    defaults = {
@@ -87,5 +88,4 @@
    file = ../../../secrets/services/acme/opel-online.age;
    owner = "acme";
  };
 }
--- a/modules/services/nas/paperless.nix
+++ b/modules/services/nas/paperless.nix
@@ -1,10 +1,12 @@
 #
 # System notifications
 #
 { config, lib, pkgs, ... }:
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  services.paperless = {
    enable = true;
    domain = "paperless.home.opel-online.de";
@@ -34,5 +36,4 @@
    file = ../../../secrets/services/paperless/pwFile.age;
    owner = "paperless";
  };
 }
--- a/modules/services/nas/syncthing.nix
+++ b/modules/services/nas/syncthing.nix
@@ -1,10 +1,12 @@
 #
 # System notifications
 #
 { config, lib, pkgs, ... }:
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  services.syncthing = {
    enable = true;
    group = "users";
@@ -20,7 +22,8 @@
        "lifebook.home.opel-online.de" = {id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4";};
      };
      folders = {
-        "Sync" = {         # Name of folder in Syncthing, also the folder ID
+        "Sync" = {
          # Name of folder in Syncthing, also the folder ID
          path = "/mnt/Mars/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing
          devices = ["hades.home.opel-online.de" "lifebook.home.opel-online.de"]; # Which devices to share the folder with
          ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
@@ -49,5 +52,4 @@
      };
    };
  };
 }
--- a/modules/services/nas/vaultwarden.nix
+++ b/modules/services/nas/vaultwarden.nix
@@ -1,10 +1,12 @@
 #
 # System notifications
 #
 { config, lib, pkgs, ... }:
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  services.vaultwarden = {
    enable = true;
    dbBackend = "sqlite";
@@ -34,5 +36,4 @@
    file = ../../../secrets/services/vaultwarden/environment.age;
    owner = "vaultwarden";
  };
 }
--- a/modules/services/nasbackup/default.nix
+++ b/modules/services/nasbackup/default.nix
@@ -9,10 +9,9 @@
 #           └─ default.nix *
 #               └─ ...
 #
 [
  #  ./nfs.nix
 ]
 # picom, polybar and sxhkd are pulled from desktop module
 # redshift temporarely disables
--- a/modules/services/printer/default.nix
+++ b/modules/services/printer/default.nix
@@ -9,10 +9,9 @@
 #           └─ default.nix *
 #               └─ ...
 #
 [
  ./klipper.nix
 ]
 # picom, polybar and sxhkd are pulled from desktop module
 # redshift temporarely disables
--- a/modules/services/printer/klipper.nix
+++ b/modules/services/printer/klipper.nix
@@ -1,6 +1,9 @@
 { lib, config, pkgs, ... }:
 {
  lib,
  config,
  pkgs,
  ...
 }: {
  environment = {
    systemPackages = with pkgs; [
      klipperscreen
@@ -97,5 +100,4 @@
    #        #server = "https://acme-staging-v02.api.letsencrypt.org/directory";
    #      };
  };
 }
--- a/modules/services/printer/nginx.nix
+++ b/modules/services/printer/nginx.nix
@@ -1,10 +1,12 @@
 #
 # System notifications
 #
 { config, lib, pkgs, ... }:
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
@@ -21,7 +23,6 @@
    };
  };
  security.acme = {
    acceptTerms = true;
    defaults = {
@@ -49,5 +50,4 @@
    file = ../../../secrets/services/acme/opel-online.age;
    owner = "acme";
  };
 }
--- a/modules/services/server/coturn.nix
+++ b/modules/services/server/coturn.nix
@@ -1,4 +1,9 @@
-{config, pkgs, lib, ...}: {
+{
  config,
  pkgs,
  lib,
  ...
 }: {
  # enable coturn
  services.coturn = rec {
    enable = true;
@@ -43,12 +48,13 @@
  # open the firewall
  networking.firewall = {
    interfaces.ens18 = let
-      range = with config.services.coturn; [ {
+      range = with config.services.coturn; [
        {
          from = min-port;
          to = max-port;
-    } ];
+        }
-    in
+      ];
-    {
+    in {
      allowedUDPPortRanges = range;
      allowedUDPPorts = [3478];
      allowedTCPPortRanges = range;
@@ -57,7 +63,9 @@
  };
  # get a certificate
  security.acme.certs.${config.services.coturn.realm} = {
-    /* insert here the right configuration to obtain a certificate */
+    /*
    insert here the right configuration to obtain a certificate
    */
    postRun = "systemctl restart coturn.service";
    group = "turnserver";
  };
--- a/modules/services/server/default.nix
+++ b/modules/services/server/default.nix
@@ -9,7 +9,6 @@
 #           └─ default.nix *
 #               └─ ...
 #
 [
  ./postgresql.nix
  ./gitea.nix
@@ -21,6 +20,6 @@
  ./mealie.nix
  #  ./ollama.nix
 ]
 # picom, polybar and sxhkd are pulled from desktop module
 # redshift temporarely disables
--- a/modules/services/server/gitea.nix
+++ b/modules/services/server/gitea.nix
@@ -1,10 +1,12 @@
 #
 # System notifications
 #
 { config, lib, pkgs, ... }:
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  services.gitea = {
    enable = true;
    dump.enable = false;
--- a/modules/services/server/gitea_runner.nix
+++ b/modules/services/server/gitea_runner.nix
@@ -1,6 +1,9 @@
 { lib, config, pkgs, ... }:
 {
  lib,
  config,
  pkgs,
  ...
 }: {
  virtualisation = {
    podman = {
      enable = true;
--- a/modules/services/server/hydra.nix
+++ b/modules/services/server/hydra.nix
@@ -1,6 +1,9 @@
 { lib, config, pkgs, ... }:
 {
  lib,
  config,
  pkgs,
  ...
 }: {
  services = {
    hydra = {
      enable = true;
@@ -73,5 +76,4 @@
    file = ../../../secrets/keys/nixservepriv.age;
    owner = "hydra";
  };
 }
--- a/modules/services/server/jitsi.nix
+++ b/modules/services/server/jitsi.nix
@@ -1,6 +1,8 @@
 { config, pkgs, ... }:
 {
  config,
  pkgs,
  ...
 }: {
  services.jitsi-meet = {
    enable = true;
    hostName = "meet.kabtop.de";
--- a/modules/services/server/matrix.nix
+++ b/modules/services/server/matrix.nix
@@ -1,10 +1,12 @@
 #
 # System notifications
 #
-
+{
-{ config, lib, pkgs, ... }:
+  config,
-
+  lib,
-let
+  pkgs,
  ...
 }: let
  fqdn = "matrix.${config.networking.domain}";
  clientConfig = {
    "m.homeserver".base_url = "https://${fqdn}";
@@ -62,14 +64,21 @@ in {
      server_name = config.networking.domain;
      public_baseurl = "https://matrix.${config.networking.domain}";
      listeners = [
-          { port = 8008;
+        {
          port = 8008;
          bind_addresses = ["::1"];
          type = "http";
          tls = false;
          x_forwarded = true;
          resources = [
-              { names = [ "client" ]; compress = true; }
+            {
-              { names = [ "federation" ]; compress = false; }
+              names = ["client"];
              compress = true;
            }
            {
              names = ["federation"];
              compress = false;
            }
          ];
        }
      ];
--- a/modules/services/server/mealie.nix
+++ b/modules/services/server/mealie.nix
@@ -1,7 +1,8 @@
 { config, pkgs, ... }:
 {
-
+  config,
  pkgs,
  ...
 }: {
  services.mealie = {
    enable = true;
    listenAddress = "127.0.0.1";
@@ -32,5 +33,4 @@
  security.acme.defaults.email = "webmaster@kabtop.de";
  security.acme.defaults.webroot = "/var/lib/acme/acme-challenge";
  security.acme.acceptTerms = true;
 }
--- a/modules/services/server/microvm.nix
+++ b/modules/services/server/microvm.nix
@@ -1,22 +1,28 @@
 { config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
 let
  name = "gitea-runner";
 in
 {
  config,
  microvm,
  lib,
  pkgs,
  user,
  agenix,
  impermanence,
  ...
 }: let
  name = "gitea-runner";
 in {
  microvm = {
    autostart = [
      name
    ];
    vms = {
      ${name} = {
        inherit pkgs;
        config = {
          imports =
-            [ agenix.nixosModules.default ] ++
+            [agenix.nixosModules.default]
-            [ impermanence.nixosModules.impermanence ] ++
+            ++ [impermanence.nixosModules.impermanence]
-            [( ./gitea_runner.nix )];
+            ++ [(./gitea_runner.nix)];
          networking = {
            hostName = "${name}";
@@ -40,7 +46,8 @@ in
            };
          };
-          users.users.${user} = {                   # System User
+          users.users.${user} = {
            # System User
            isNormalUser = true;
            extraGroups = ["wheel"];
            uid = 2000;
@@ -64,14 +71,16 @@ in
                  path = "/persist/etc/ssh/ssh_host_rsa_key";
                  type = "rsa";
                  bits = 4096;
-              }];
+                }
              ];
            };
          };
          fileSystems."/persist".neededForBoot = lib.mkForce true;
          environment = {
-            systemPackages = with pkgs; [           # Default packages install system-wide
+            systemPackages = with pkgs; [
              # Default packages install system-wide
              bash
              coreutils
              curl
@@ -104,8 +113,10 @@ in
                type = "user";
                id = "vm-${name}";
                mac = "04:00:00:00:00:01";
-            } ];
+              }
-             shares = [{
+            ];
            shares = [
              {
                source = "/nix/store";
                mountPoint = "/nix/.ro-store";
                tag = "ro-store";
@@ -116,7 +127,8 @@ in
                mountPoint = "/persist";
                tag = "persist";
                proto = "virtiofs";
-            }];
+              }
            ];
            #writableStoreOverlay = "/nix/.rw-store";
            #storeOnDisk = true;
          };
--- a/modules/services/server/nextcloud.nix
+++ b/modules/services/server/nextcloud.nix
@@ -1,6 +1,8 @@
 { config, pkgs, ... }:
 {
  config,
  pkgs,
  ...
 }: {
  services.nextcloud = {
    enable = true;
    hostName = "cloud.kabtop.de";
@@ -95,5 +97,4 @@
  security.acme.defaults.email = "webmaster@kabtop.de";
  security.acme.defaults.webroot = "/var/lib/acme/acme-challenge";
  security.acme.acceptTerms = true;
 }
--- a/modules/services/server/ollama.nix
+++ b/modules/services/server/ollama.nix
@@ -1,9 +1,10 @@
 { config, pkgs, ... }:
 let
  ollamahostname = "llm.kabtop.de";
 in
 {
  config,
  pkgs,
  ...
 }: let
  ollamahostname = "llm.kabtop.de";
 in {
  virtualisation.oci-containers.containers."open-webui" = {
    autoStart = true;
    image = "ghcr.io/open-webui/open-webui:ollama";
--- a/modules/services/server/postgresql.nix
+++ b/modules/services/server/postgresql.nix
@@ -1,10 +1,12 @@
 #
 # System notifications
 #
 { config, lib, pkgs, ... }:
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  #  imports = [ ./postgresql_upgrade.nix ];
  services.postgresql = {
    enable = true;
@@ -50,5 +52,4 @@
    file = ../../../secrets/services/postgresql/initScript.age;
    owner = "postgres";
  };
 }
--- a/modules/services/server/postgresql_upgrade.nix
+++ b/modules/services/server/postgresql_upgrade.nix
@@ -1,5 +1,9 @@
 { config, lib, pkgs, ... }:
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  environment.systemPackages = [
    (let
      # XXX specify the postgresql package you'd like to upgrade to.
@@ -8,7 +12,8 @@
        # pp.plv8
      ]);
      cfg = config.services.postgresql;
-    in pkgs.writeScriptBin "upgrade-pg-cluster" ''
+    in
      pkgs.writeScriptBin "upgrade-pg-cluster" ''
        set -eux
        # XXX it's perhaps advisable to stop all services that depend on postgresql
        systemctl stop postgresql
--- a/modules/services/server/woodpecker.nix
+++ b/modules/services/server/woodpecker.nix
@@ -1,11 +1,14 @@
 #
 # CI/CD Woodpecker
 #
 { config, lib, pkgs, ...  }:
 {
-  environment.systemPackages = with pkgs; [           # Default packages install system-wide
+  config,
  lib,
  pkgs,
  ...
 }: {
  environment.systemPackages = with pkgs; [
    # Default packages install system-wide
    woodpecker-server
    woodpecker-cli
  ];
@@ -84,6 +87,4 @@
    file = ../../../secrets/services/woodpecker/environment.age;
    owner = "woodpecker";
  };
 }
--- a/modules/shell/default.nix
+++ b/modules/shell/default.nix
@@ -9,7 +9,6 @@
 #           └─ default.nix *
 #               └─ ...
 #
 [
  ./git.nix
  ./tmux.nix
--- a/modules/shell/tmux.nix
+++ b/modules/shell/tmux.nix
@@ -1,10 +1,7 @@
 #
 # Tmux
 #
-
+{pkgs, ...}: {
 { pkgs, ... }:
 {
  programs = {
    tmux = {
      enable = true;
--- a/modules/shell/zsh.nix
+++ b/modules/shell/zsh.nix
@@ -1,10 +1,7 @@
 #
 # Shell
 #
-
+{pkgs, ...}: {
 { pkgs, ... }:
 {
  programs = {
    zsh = {
      enable = true;
@@ -12,7 +9,8 @@
      syntaxHighlighting.enable = true;
      history.size = 10000;
-      oh-my-zsh = {                             # Extra plugins for zsh
+      oh-my-zsh = {
        # Extra plugins for zsh
        enable = true;
        plugins = ["git"];
        #custom = "$HOME/.config/zsh_nix/custom";
--- a/modules/wm/default.nix
+++ b/modules/wm/default.nix
@@ -1,6 +1,10 @@
 { pkgs, lib, config, ... }:
 with lib;
 {
  pkgs,
  lib,
  config,
  ...
 }:
 with lib; {
  # NOTE: Dynamic imports based on option values are not supported in NixOS modules.
  # To conditionally load a WM, either import all WM modules and use mkIf in each,
  # or select the WM module directly in the host configuration.
@@ -8,9 +12,18 @@ with lib;
  options = {
    desktop = {
-            wm = mkOption { type = types.str; default = "sway"; };
+      wm = mkOption {
-            taskbar = mkOption { type = types.str; default = "waybar"; };
+        type = types.str;
-            launcher = mkOption { type = types.str; default = "bemenu"; };
+        default = "sway";
      };
      taskbar = mkOption {
        type = types.str;
        default = "waybar";
      };
      launcher = mkOption {
        type = types.str;
        default = "bemenu";
      };
    };
  };
 }
--- a/modules/wm/kde/home.nix
+++ b/modules/wm/kde/home.nix
@@ -10,8 +10,10 @@
 #           └─ ./gnome
 #               └─ home.nix *
 #
 { config, lib, pkgs, ... }:
 {
-
+  config,
  lib,
  pkgs,
  ...
 }: {
 }
--- a/modules/wm/niri/home.nix
+++ b/modules/wm/niri/home.nix
@@ -10,10 +10,12 @@
 #           └─ ./sway
 #               └─ home.nix *
 #
 { config, lib, pkgs, ... }:
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  programs = {
    swaylock = {
      enable = true;
@@ -30,12 +32,24 @@
    swayidle = {
      enable = true;
      events = [
-        { event = "before-sleep"; command = "${pkgs.swaylock}/bin/swaylock"; }
+        {
-        { event = "lock"; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
+          event = "before-sleep";
          command = "${pkgs.swaylock}/bin/swaylock";
        }
        {
          event = "lock";
          command = "${pkgs.swaylock}/bin/swaylock -fF";
        }
      ];
      timeouts = [
-        { timeout = 300; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
+        {
-        { timeout = 600; command = "${pkgs.niri}/bin/niri msg action power-off-monitors"; }
+          timeout = 300;
          command = "${pkgs.swaylock}/bin/swaylock -fF";
        }
        {
          timeout = 600;
          command = "${pkgs.niri}/bin/niri msg action power-off-monitors";
        }
      ];
    };
  };
@@ -43,5 +57,4 @@
  xdg.configFile = {
    "niri/config.kdl".source = ./config.kdl;
  };
 }
--- a/modules/wm/steam/default.nix
+++ b/modules/wm/steam/default.nix
@@ -10,9 +10,14 @@
 #           └─ ./gnome
 #               └─ default.nix *
 #
 { config, lib, user, pkgs, jovian-nixos, ... }:
 {
  config,
  lib,
  user,
  pkgs,
  jovian-nixos,
  ...
 }: {
  imports = [
    (jovian-nixos + "/modules")
  ];
@@ -38,5 +43,4 @@
  environment.systemPackages = with pkgs; [
    steamdeck-firmware
  ];
 }
--- a/modules/wm/steam/home.nix
+++ b/modules/wm/steam/home.nix
@@ -10,9 +10,12 @@
 #           └─ ./steam
 #               └─ home.nix *
 #
 { config, lib, pkgs, ... }:
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  home = {
    packages = with pkgs; [
      steam
--- a/modules/wm/sway/default.nix
+++ b/modules/wm/sway/default.nix
@@ -10,10 +10,14 @@
 #           └─ ./hyprland
 #               └─ hyprland.nix *
 #
 { config, lib, user, pkgs, desktop, ... }:
 {
  config,
  lib,
  user,
  pkgs,
  desktop,
  ...
 }: {
  imports = [../waybar.nix];
  environment = {
@@ -65,7 +69,8 @@
  security.pam.services.swaylock = {};
-  xdg.portal = {                                  # Required for flatpak with windowmanagers
+  xdg.portal = {
    # Required for flatpak with windowmanagers
    enable = true;
    wlr.enable = true;
    extraPortals = [pkgs.xdg-desktop-portal-gtk];
--- a/Show More
+++ b/Show More