Nixfmt Tree

common/backups/restic.nix

@@ -3,10 +3,17 @@
   pkgs,
   lib,
   ...
-}: let
+}:
-  inherit (lib) mkIf mkEnableOption mkOption types;
+let
+  inherit (lib)
+    mkIf
+    mkEnableOption
+    mkOption
+    types
+    ;
   cfg = config.foehammer.backups.restic;
-in {
+in
+{
   options.foehammer.backups.restic = {
     enable = mkEnableOption "Enable restic backups";
 
@@ -24,17 +31,17 @@ in {
 
     paths = mkOption {
       type = lib.types.nullOr (lib.types.listOf lib.types.str);
-      default = [];
+      default = [ ];
     };
 
     exclude = mkOption {
       type = lib.types.nullOr (lib.types.listOf lib.types.str);
-      default = [];
+      default = [ ];
     };
   };
 
   config = mkIf cfg.enable {
-    users.groups.restic = {};
+    users.groups.restic = { };
     users.users.restic = {
       isSystemUser = true;
       group = "restic";

common/caddy.nix

@@ -2,10 +2,12 @@
   config,
   lib,
   ...
-}: let
+}:
+let
   inherit (lib) mkIf mkEnableOption;
   cfg = config.foehammer.caddy;
-in {
+in
+{
   options.foehammer.caddy.enable = mkEnableOption "Enable caddy with default configuration.";
   config = mkIf cfg.enable {
     services.caddy = {
@@ -13,6 +15,9 @@ in {
       email = "foehammer127points+acme@gmail.com";
     };
 
-    networking.firewall.allowedTCPPorts = [80 443];
+    networking.firewall.allowedTCPPorts = [
+      80
+      443
+    ];
   };
 }

common/nix.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   nix = {
     extraOptions = ''
       experimental-features = nix-command flakes
@@ -17,10 +18,19 @@
         "nix-command"
       ];
 
-      trusted-users = ["root" "@wheel"];
+      trusted-users = [
+        "root"
+        "@wheel"
+      ];
 
-      substituters = ["https://cache.nixos.org" "https://cache.garnix.io"];
+      substituters = [
-      trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="];
+        "https://cache.nixos.org"
+        "https://cache.garnix.io"
+      ];
+      trusted-public-keys = [
+        "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
+        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+      ];
     };
   };
 }

common/nixos.nix

@@ -3,20 +3,28 @@
   lib,
   pkgs,
   ...
-}: let
+}:
+let
   inherit (lib) mkIf;
-in {
+in
+{
   config = {
     users.mutableUsers = false;
 
-    environment.systemPackages = with pkgs; [neovim git];
+    environment.systemPackages = with pkgs; [
+      neovim
+      git
+    ];
 
     networking = {
       firewall = {
         enable = true;
       };
 
-      nameservers = ["1.1.1.1" "8.8.8.8"];
+      nameservers = [
+        "1.1.1.1"
+        "8.8.8.8"
+      ];
       # If using dhcpcd:
       dhcpcd.extraConfig = mkIf config.networking.dhcpcd.enable "nohook resolv.conf";
       # If using NetworkManager:

common/services/authelia.nix

@@ -2,11 +2,18 @@
   config,
   lib,
   ...
-}: let
+}:
-  inherit (lib) mkIf types mkOption mkEnableOption;
+let
+  inherit (lib)
+    mkIf
+    types
+    mkOption
+    mkEnableOption
+    ;
 
   cfg = config.foehammer.services.authelia;
-in {
+in
+{
   options.foehammer.services.authelia = {
     enable = mkEnableOption "Enable authelia server component.";
     domain = mkOption {
@@ -27,7 +34,6 @@ in {
       type = types.path;
     };
 
-
     # https://www.authelia.com/integration/ldap/lldap/
     ldap = {
       addr = mkOption {
@@ -102,7 +108,7 @@ in {
 
     settingsFiles = mkOption {
       type = types.listOf types.path;
-      default = [];
+      default = [ ];
       example = [
         "/etc/authelia/config.yml"
         "/etc/authelia/access-control.yml"
@@ -124,7 +130,7 @@ in {
         If you provide the raw secret rather than the location of a secret file that secret will be preserved in the nix store.
         For more details: https://www.authelia.com/configuration/methods/secrets/
       '';
-      default = {};
+      default = { };
     };
   };
 
@@ -190,8 +196,7 @@ in {
       };
 
       secrets = {
-        inherit
+        inherit (cfg)
-          (cfg)
           jwtSecretFile
           oidcIssuerPrivateKeyFile
           oidcHmacSecretFile

common/services/gitea.nix

@@ -3,11 +3,13 @@
   lib,
   pkgs,
   ...
-}: let
+}:
+let
   inherit (lib) mkEnableOption mkIf mkOption;
 
   cfg = config.foehammer.services.forgejo;
-in {
+in
+{
   options.foehammer.services.forgejo = {
     enable = mkEnableOption "Enable Gitea Server";
 
@@ -44,8 +46,8 @@ in {
 
       settings = {
         service = {
-         DISABLE_REGISTRATION = true;
+          DISABLE_REGISTRATION = true;
-         SHOW_REGISTRATION_BUTTON = false;
+          SHOW_REGISTRATION_BUTTON = false;
         };
         ui = {
           SHOW_USER_EMAIL = false;

common/services/goatcounter.nix

@@ -3,11 +3,13 @@
   lib,
   pkgs,
   ...
-}: let
+}:
+let
   inherit (lib) mkEnableOption mkIf mkOption;
 
   cfg = config.foehammer.services.goatcounter;
-in {
+in
+{
   options.foehammer.services.goatcounter = {
     enable = mkEnableOption "Enable goatcounter server";
 
@@ -26,7 +28,7 @@ in {
       createHome = true;
       group = "goatcounter";
     };
-    users.groups.goatcounter = {};
+    users.groups.goatcounter = { };
 
     systemd.services.goatcounter = {
       serviceConfig = {

common/services/lldap.nix

@@ -3,11 +3,18 @@
   lib,
   pkgs,
   ...
-}: let
+}:
-  inherit (lib) mkEnableOption types mkIf mkOption;
+let
+  inherit (lib)
+    mkEnableOption
+    types
+    mkIf
+    mkOption
+    ;
 
   cfg = config.foehammer.services.lldap;
-in {
+in
+{
   options.foehammer.services.lldap = {
     enable = mkEnableOption "Enable LLDAP Server";
 
@@ -77,7 +84,7 @@ in {
       createHome = true;
       group = "lldap";
     };
-    users.groups.lldap = {};
+    users.groups.lldap = { };
 
     systemd.services.lldap.serviceConfig.DynamicUser = lib.mkForce false;
   };

common/services/vaultwarden.nix

@@ -3,11 +3,13 @@
   lib,
   pkgs,
   ...
-}: let
+}:
+let
   inherit (lib) mkEnableOption mkIf mkOption;
 
   cfg = config.foehammer.services.vaultwarden;
-in {
+in
+{
   options.foehammer.services.vaultwarden = {
     enable = mkEnableOption "Enable Vaultwarden Server";
 

common/sudo.nix

@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   security.sudo = {
     enable = true;
     execWheelOnly = true;

common/tailscale.nix

@@ -2,10 +2,17 @@
   config,
   lib,
   ...
-}: let
+}:
-  inherit (lib) mkEnableOption mkOption types mkIf;
+let
+  inherit (lib)
+    mkEnableOption
+    mkOption
+    types
+    mkIf
+    ;
   cfg = config.foehammer.tailscale;
-in {
+in
+{
   options.foehammer.tailscale = {
     enable = mkEnableOption "Enable tailscale";
     authKeyFile = mkOption {
@@ -20,6 +27,6 @@ in {
       openFirewall = true;
     };
 
-    networking.firewall.trustedInterfaces = ["tailscale0"];
+    networking.firewall.trustedInterfaces = [ "tailscale0" ];
   };
 }

common/users/admin.nix

@@ -3,10 +3,18 @@
   lib,
   foelib,
   ...
-}: let
+}:
-  inherit (lib) mkIf mkOption mkEnableOption optionals types;
+let
+  inherit (lib)
+    mkIf
+    mkOption
+    mkEnableOption
+    optionals
+    types
+    ;
   cfg = config.foehammer.users.admin;
-in {
+in
+{
   options.foehammer.users.admin = {
     enable = mkEnableOption "Enable a wheel admin user.";
     hashedPasswordFile = mkOption {
@@ -20,7 +28,7 @@ in {
       description = "SSH Admin User.";
       group = "admin";
 
-      extraGroups = ["wheel"] ++ optionals config.virtualisation.docker.enable ["docker"];
+      extraGroups = [ "wheel" ] ++ optionals config.virtualisation.docker.enable [ "docker" ];
       isNormalUser = true;
       uid = 9999;
 

flake.nix

@@ -5,38 +5,54 @@
     flake-parts.url = "github:hercules-ci/flake-parts";
   };
 
-  outputs = inputs @ {self, ...}:
+  outputs =
-  inputs.flake-parts.lib.mkFlake {inherit inputs;} (toplevel @ {withSystem, ...}: {
+    inputs@{ self, ... }:
-    systems = ["aarch64-darwin" "aarch64-linux" "x86_64-linux"];
+    inputs.flake-parts.lib.mkFlake { inherit inputs; } (
+      toplevel@{ withSystem, ... }:
+      {
+        systems = [
+          "aarch64-darwin"
+          "aarch64-linux"
+          "x86_64-linux"
+        ];
 
-    perSystem = {
+        perSystem =
-      config,
+          {
-      self',
+            config,
-      inputs',
+            self',
-      pkgs,
+            inputs',
-      system,
+            pkgs,
-      ...
+            system,
-    }: {
+            ...
-      _module.args.pkgs = import inputs.nixpkgs {
+          }:
-        localSystem = system;
+          {
-        config = {
+            _module.args.pkgs = import inputs.nixpkgs {
-          allowUnfree = true;
+              localSystem = system;
-          allowAliases = true;
+              config = {
+                allowUnfree = true;
+                allowAliases = true;
+              };
+              # overlays = [self.overlays.default];
+            };
+
+            devShells.default = pkgs.mkShell {
+              buildInputs = with pkgs; [ nixfmt-tree ];
+            };
+
+            # packages = import ./lib/packages.nix pkgs;
+          };
+
+        flake = {
+          lib = import ./lib inputs.nixpkgs withSystem;
+
+          # overlays.default = final: prev: (import ./lib/packages.nix prev);
+
+          nixosModules.default =
+            { ... }:
+            {
+              imports = self.lib.utils.findNixFiles ./common;
+            };
         };
-        # overlays = [self.overlays.default];
+      }
-      };
+    );
-
-      # packages = import ./lib/packages.nix pkgs;
-    };
-
-    flake = {
-      lib = import ./lib inputs.nixpkgs withSystem;
-
-      # overlays.default = final: prev: (import ./lib/packages.nix prev);
-
-      nixosModules.default = {...}: {
-        imports = self.lib.utils.findNixFiles ./common;
-      };
-    };
-  });
 }

lib/data.nix

@@ -1,6 +1,7 @@
 rec {
-  getSSHKeys = let
+  getSSHKeys =
-    sshKeys = builtins.fromTOML (builtins.readFile ../data/ssh-keys.toml);
+    let
-  in
+      sshKeys = builtins.fromTOML (builtins.readFile ../data/ssh-keys.toml);
+    in
     name: (builtins.mapAttrs (_: value: builtins.attrValues value) sshKeys)."${name}";
 }

lib/nixos.nix

@@ -1,25 +1,28 @@
-nixpkgs: withSystem: let
+nixpkgs: withSystem:
+let
   foelib = import ./default.nix nixpkgs withSystem;
-in {
+in
-  mkSystem = hostname: host-platform: modules:
+{
-    withSystem host-platform
+  mkSystem =
-    ({pkgs, ...}:
+    hostname: host-platform: modules:
+    withSystem host-platform (
+      { pkgs, ... }:
       nixpkgs.lib.nixosSystem {
-        modules =
+        modules = [
-          [
+          {
-            {
+            nix.registry = {
-              nix.registry = {
+              nixpkgs.flake = nixpkgs;
-                nixpkgs.flake = nixpkgs;
+              p.flake = nixpkgs;
-                p.flake = nixpkgs;
+            };
-              };
+            nixpkgs.pkgs = pkgs;
-              nixpkgs.pkgs = pkgs;
 
-              networking.hostName = hostname;
+            networking.hostName = hostname;
-            }
+          }
-          ]
+        ]
-          ++ modules;
+        ++ modules;
         specialArgs = {
           inherit hostname foelib;
         };
-      });
+      }
+    );
 }

lib/packages.nix

@@ -1,28 +1,25 @@
-pkgs: let
+pkgs:
-  getPackages = dir: let
+let
-    entries = builtins.readDir dir;
+  getPackages =
+    dir:
+    let
+      entries = builtins.readDir dir;
 
-    procEntry = name: type: let
+      procEntry =
-      path = dir + "/${name}";
+        name: type:
+        let
+          path = dir + "/${name}";
+        in
+        if type == "directory" then
+          (if builtins.pathExists (path + "/default.nix") then [ path ] else [ ])
+        else
+          [ ];
     in
-      if type == "directory"
+    builtins.concatLists (builtins.attrValues (builtins.mapAttrs procEntry entries));
-      then
-        (
-          if builtins.pathExists (path + "/default.nix")
-          then [path]
-          else []
-        )
-      else [];
-  in
-    builtins.concatLists (
-      builtins.attrValues (
-        builtins.mapAttrs procEntry entries
-      )
-    );
 
   buildPackage = path: {
     name = builtins.baseNameOf (toString path);
-    value = pkgs.callPackage (path + "/default.nix") {};
+    value = pkgs.callPackage (path + "/default.nix") { };
   };
 in
-  builtins.listToAttrs (builtins.map buildPackage (getPackages ../packages))
+builtins.listToAttrs (builtins.map buildPackage (getPackages ../packages))

lib/utils.nix

@@ -1,47 +1,54 @@
 rec {
-  findNixFiles = dir: let
+  findNixFiles =
-    inherit (builtins) attrNames readDir pathExists concatMap;
+    dir:
+    let
+      inherit (builtins)
+        attrNames
+        readDir
+        pathExists
+        concatMap
+        ;
 
-    # Helper function to build full paths
+      # Helper function to build full paths
-    fullPath = name: dir + "/${name}";
+      fullPath = name: dir + "/${name}";
 
-    # Get directory contents
+      # Get directory contents
-    contents = readDir dir;
+      contents = readDir dir;
 
-    # Convert contents attrset to list of names
+      # Convert contents attrset to list of names
-    names = attrNames contents;
+      names = attrNames contents;
 
-    # Filter and process each item
+      # Filter and process each item
-    processItem = name: let
+      processItem =
-      path = fullPath name;
+        name:
-      type = contents.${name};
+        let
+          path = fullPath name;
+          type = contents.${name};
+        in
+        if type == "regular" && hasSuffix "nix" name then
+          [ path ]
+        else if type == "directory" && pathExists path then
+          findNixFiles path
+        else
+          [ ];
     in
-      if type == "regular" && hasSuffix "nix" name
-      then [path]
-      else if type == "directory" && pathExists path
-      then findNixFiles path
-      else [];
-  in
     concatMap processItem names;
 
-  getName = filename: let
+  getName =
-    parts = builtins.split "\\." filename;
+    filename:
-    base = builtins.head (builtins.split "\\." filename);
+    let
-  in
+      parts = builtins.split "\\." filename;
-    if builtins.length parts == 1
+      base = builtins.head (builtins.split "\\." filename);
-    then filename
+    in
-    else base;
+    if builtins.length parts == 1 then filename else base;
 
-  getSuffix = filename: let
+  getSuffix =
-    parts = builtins.split "\\." filename;
+    filename:
-    end = builtins.tail (builtins.split "\\." filename);
+    let
-  in
+      parts = builtins.split "\\." filename;
-    if builtins.length parts == 1
+      end = builtins.tail (builtins.split "\\." filename);
-    then filename
+    in
-    else builtins.elemAt end (builtins.length end - 1);
+    if builtins.length parts == 1 then filename else builtins.elemAt end (builtins.length end - 1);
 
-  hasSuffix = suffix: filename:
+  hasSuffix = suffix: filename: if (getSuffix filename) == suffix then true else false;
-    if (getSuffix filename) == suffix
-    then true
-    else false;
 }

machines/lebesgue/config/configuration.nix

@@ -3,7 +3,8 @@
   lib,
   pkgs,
   ...
-}: {
+}:
+{
   foehammer = {
     users.admin = {
       enable = true;
@@ -62,7 +63,11 @@
       environmentFile = config.sops.secrets.restic-env.path;
       passwordFile = config.sops.secrets.restic-password.path;
 
-      paths = ["/var/lib/vaultwarden" "/var/lib/authelia" "/var/lib/forgejo"];
+      paths = [
+        "/var/lib/vaultwarden"
+        "/var/lib/authelia"
+        "/var/lib/forgejo"
+      ];
     };
 
     tailscale = {
@@ -76,7 +81,7 @@
 
   i18n.defaultLocale = "en_US.UTF-8";
 
-  networking.firewall.allowedTCPPorts = [22];
+  networking.firewall.allowedTCPPorts = [ 22 ];
 
   system.stateVersion = "24.11";
 }

machines/lebesgue/config/hardware-configuration.nix

@@ -4,18 +4,25 @@
   pkgs,
   modulesPath,
   ...
-}: {
+}:
+{
   imports = [
     (modulesPath + "/profiles/qemu-guest.nix")
   ];
 
   services.qemuGuest.enable = true;
 
-  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
+  boot.initrd.availableKernelModules = [
-  boot.initrd.kernelModules = [];
+    "ata_piix"
-  boot.kernelModules = [];
+    "uhci_hcd"
-  boot.extraModulePackages = [];
+    "virtio_pci"
-  boot.supportedFilesystems = ["btrfs"];
+    "sr_mod"
+    "virtio_blk"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+  boot.supportedFilesystems = [ "btrfs" ];
 
   boot.initrd.postDeviceCommands = lib.mkAfter ''
     mkdir /btrfs_tmp
@@ -45,30 +52,54 @@
   fileSystems."/" = {
     device = "/dev/disk/by-label/NIXROOT";
     fsType = "btrfs";
-    options = ["subvol=root" "defaults" "noatime" "compress=zstd:1" "discard=async" "nodatacow"];
+    options = [
+      "subvol=root"
+      "defaults"
+      "noatime"
+      "compress=zstd:1"
+      "discard=async"
+      "nodatacow"
+    ];
   };
 
   fileSystems."/nix" = {
     device = "/dev/disk/by-label/NIXROOT";
     fsType = "btrfs";
     neededForBoot = true;
-    options = ["subvol=nix" "defaults" "noatime" "compress=zstd:3" "discard=async" "nodatacow"];
+    options = [
+      "subvol=nix"
+      "defaults"
+      "noatime"
+      "compress=zstd:3"
+      "discard=async"
+      "nodatacow"
+    ];
   };
 
   fileSystems."/persist" = {
     device = "/dev/disk/by-label/NIXROOT";
     fsType = "btrfs";
     neededForBoot = true;
-    options = ["subvol=persist" "defaults" "noatime" "compress=zstd:1" "discard=async" "nodatacow"];
+    options = [
+      "subvol=persist"
+      "defaults"
+      "noatime"
+      "compress=zstd:1"
+      "discard=async"
+      "nodatacow"
+    ];
   };
 
   fileSystems."/boot" = {
     device = "/dev/disk/by-label/NIXBOOT";
     fsType = "vfat";
-    options = ["fmask=0077" "dmask=0077"];
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
   };
 
-  swapDevices = [];
+  swapDevices = [ ];
 
   networking.useDHCP = lib.mkDefault true;
 

machines/lebesgue/config/routing.nix

@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
   foehammer.caddy.enable = true;
 
   services.caddy = {

machines/lebesgue/config/secrets.nix

@@ -1,31 +1,40 @@
-{...}: {
+{ ... }:
+{
   sops = {
     defaultSopsFile = ../secrets/main.yaml;
 
-    secrets = let
+    secrets =
-      autheliaSecret = {
+      let
-        owner = "authelia-main";
+        autheliaSecret = {
-        sopsFile = ../secrets/authelia/secrets.yaml;
+          owner = "authelia-main";
+          sopsFile = ../secrets/authelia/secrets.yaml;
+        };
+      in
+      {
+        admin-password.neededForUsers = true;
+
+        tskey = { };
+
+        vaultwarden-env = { };
+
+        restic-env = {
+          owner = "restic";
+        };
+        restic-password = {
+          owner = "restic";
+        };
+        restic-repository = {
+          owner = "restic";
+        };
+
+        lldap-admin-password.owner = "lldap";
+
+        authelia-jwtsecret = autheliaSecret;
+        authelia-oidc-privkey = autheliaSecret;
+        authelia-oidc-hmac = autheliaSecret;
+        authelia-session-secret = autheliaSecret;
+        authelia-storage-encryption = autheliaSecret;
+        authelia-lldap-password = autheliaSecret;
       };
-    in {
-      admin-password.neededForUsers = true;
-
-      tskey = {};
-
-      vaultwarden-env = {};
-
-      restic-env = {owner = "restic";};
-      restic-password = {owner = "restic";};
-      restic-repository = {owner = "restic";};
-
-      lldap-admin-password.owner = "lldap";
-
-      authelia-jwtsecret = autheliaSecret;
-      authelia-oidc-privkey = autheliaSecret;
-      authelia-oidc-hmac = autheliaSecret;
-      authelia-session-secret = autheliaSecret;
-      authelia-storage-encryption = autheliaSecret;
-      authelia-lldap-password = autheliaSecret;
-    };
   };
 }

machines/lebesgue/config/state.nix

@@ -1,5 +1,6 @@
-{config, ...}: {
+{ config, ... }:
-  sops.age.sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
+{
+  sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
 
   environment.persistence."/persist" = {
     directories = [
@@ -14,7 +15,12 @@
       "/var/lib/caddy/.local/share/caddy"
       "/var/lib/vaultwarden"
 
-      { directory = "/var/lib/lldap"; user = "lldap"; group = "lldap"; mode = "0700"; }
+      {
+        directory = "/var/lib/lldap";
+        user = "lldap";
+        group = "lldap";
+        mode = "0700";
+      }
     ];
 
     files = [

machines/lebesgue/flake.nix

@@ -12,31 +12,48 @@
       url = "github:nix-community/impermanence";
     };
   };
-  outputs = inputs @ {common, ...}: let
+  outputs =
-    supportedSystems = ["x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin"];
+    inputs@{ common, ... }:
-    forAllSystems = inputs.nixpkgs.lib.genAttrs supportedSystems;
+    let
-    buildNixpkgs = system:
+      supportedSystems = [
-      import inputs.nixpkgs {
+        "x86_64-linux"
-        inherit system;
+        "aarch64-linux"
-        overlays = [];
+        "x86_64-darwin"
-      };
+        "aarch64-darwin"
-  in {
-    nixosConfigurations.default = let
-      config = common.lib.utils.findNixFiles ./config;
-      modules = [
-        inputs.sops-nix.nixosModules.sops
-        inputs.common.nixosModules.default
-        inputs.impermanence.nixosModules.impermanence
       ];
+      forAllSystems = inputs.nixpkgs.lib.genAttrs supportedSystems;
+      buildNixpkgs =
+        system:
+        import inputs.nixpkgs {
+          inherit system;
+          overlays = [ ];
+        };
     in
-      common.lib.mkSystem "lebesgue" "x86_64-linux" (config ++ modules);
+    {
+      nixosConfigurations.default =
+        let
+          config = common.lib.utils.findNixFiles ./config;
+          modules = [
+            inputs.sops-nix.nixosModules.sops
+            inputs.common.nixosModules.default
+            inputs.impermanence.nixosModules.impermanence
+          ];
+        in
+        common.lib.mkSystem "lebesgue" "x86_64-linux" (config ++ modules);
 
-    devShells = forAllSystems (system: let
+      devShells = forAllSystems (
-      pkgs = buildNixpkgs system;
+        system:
-    in {
+        let
-      default = pkgs.mkShell {
+          pkgs = buildNixpkgs system;
-        buildInputs = with pkgs; [sops nixos-rebuild];
+        in
-      };
+        {
-    });
+          default = pkgs.mkShell {
-  };
+            buildInputs = with pkgs; [
+              sops
+              nixos-rebuild
+            ];
+          };
+        }
+      );
+    };
 }