Format everything with alejandra

2024-03-20 12:54:25 +01:00 · 2024-03-20 12:54:25 +01:00 · 7888103b1e
commit 7888103b1e
parent 82bbd7ce87
100 changed files with 2827 additions and 2756 deletions
--- a/roles/server/avahi.nix
+++ b/roles/server/avahi.nix
@ -1,11 +1,9 @@
-{ config, ... }:
-
-{
-	services.avahi = {
-		openFirewall = true;
-		publish = {
-			enable = true;
-			userServices = true;
-		};
-	};
-}
+{config, ...}: {
+  services.avahi = {
+    openFirewall = true;
+    publish = {
+      enable = true;
+      userServices = true;
+    };
+  };
+}
--- a/roles/server/beep.nix
+++ b/roles/server/beep.nix
@ -1,16 +1,20 @@
-{ config, pkgs, ... }:
-
 {
-	# Beep as soon as possible in the initrd
-	boot.initrd = {
-		kernelModules = [ "pcspkr" ];
-		extraFiles.beep.source = pkgs.beep;
-		postDeviceCommands = "/beep/bin/beep -f 3000 -l 50 -r 2";
-	};
-	/*systemd.services.startupBeep = {
-		description = "Beep when system started booting";
-		wantedBy = [ "sysinit.target" ];
-		script = "${pkgs.beep}/bin/beep -f 3000 -l 50 -r 2";
- 		serviceConfig = { Type = "oneshot"; }; 
-	};*/
+  config,
+  pkgs,
+  ...
+}: {
+  # Beep as soon as possible in the initrd
+  boot.initrd = {
+    kernelModules = ["pcspkr"];
+    extraFiles.beep.source = pkgs.beep;
+    postDeviceCommands = "/beep/bin/beep -f 3000 -l 50 -r 2";
+  };
+  /*
+    systemd.services.startupBeep = {
+  	description = "Beep when system started booting";
+  	wantedBy = [ "sysinit.target" ];
+  	script = "${pkgs.beep}/bin/beep -f 3000 -l 50 -r 2";
+  		serviceConfig = { Type = "oneshot"; };
+  };
+  */
 }
--- a/roles/server/ddclient.nix
+++ b/roles/server/ddclient.nix
@ -1,20 +1,20 @@
-{ config, flakeSelf, ... }:
-
-let
-	hostSecrets = "${flakeSelf.inputs.secrets}/" + config.networking.hostName;
-in
-
 {
-	# Set up secrets
-	age.secrets = { ddclient-passwd.file = hostSecrets + "/ddclient-password.age"; };
+  config,
+  flakeSelf,
+  ...
+}: let
+  hostSecrets = "${flakeSelf.inputs.secrets}/" + config.networking.hostName;
+in {
+  # Set up secrets
+  age.secrets = {ddclient-passwd.file = hostSecrets + "/ddclient-password.age";};

-	services.ddclient = {
-		enable = true;
-		use = "web, web=dynamicdns.park-your-domain.com/getip";
-		protocol = "namecheap";
-		server = "dynamicdns.park-your-domain.com";
-		username = "toast003.xyz";
-		passwordFile = config.age.secrets.ddclient-passwd.path;
-		domains = [ "@" ];
-	};
+  services.ddclient = {
+    enable = true;
+    use = "web, web=dynamicdns.park-your-domain.com/getip";
+    protocol = "namecheap";
+    server = "dynamicdns.park-your-domain.com";
+    username = "toast003.xyz";
+    passwordFile = config.age.secrets.ddclient-passwd.path;
+    domains = ["@"];
+  };
 }
--- a/roles/server/default.nix
+++ b/roles/server/default.nix
@ -1,20 +1,18 @@
-{ ... }:
-
-{
-	imports = [
-		./avahi.nix
-		./nfs.nix
-		./samba.nix
-		./ssh.nix
-		./forgejo.nix
-		./syncthing.nix
-		./endlessh.nix
-		./transmission.nix
-		./ddclient.nix
-		./beep.nix
-		./tailscale.nix
-		./traefik.nix
-		./minecraft.nix
-		./dns.nix
-	];
+{...}: {
+  imports = [
+    ./avahi.nix
+    ./nfs.nix
+    ./samba.nix
+    ./ssh.nix
+    ./forgejo.nix
+    ./syncthing.nix
+    ./endlessh.nix
+    ./transmission.nix
+    ./ddclient.nix
+    ./beep.nix
+    ./tailscale.nix
+    ./traefik.nix
+    ./minecraft.nix
+    ./dns.nix
+  ];
 }
--- a/roles/server/dns.nix
+++ b/roles/server/dns.nix
@ -1,22 +1,20 @@
-{ ... }:
-
-{
+{...}: {
  services.dnsmasq = {
    enable = true;
-    
+
    # Only using this for tailscale IPs, so better to let tailscale itself deal with it
    resolveLocalQueries = false;
-    
+
    settings = {
-      listen-address = [ "100.73.96.48" ];
-      
+      listen-address = ["100.73.96.48"];
+
      /*
      Dnsmasq tries to use the tailscale dns server, which is bad cause that points to dnsmasq
      From the little testing I have done it seems to not cause any issues, but better to be safe
      than sorry :P
      */
      dns-loop-detect = true;
-      
+
      # If this isn't set a cname that targets a host might return the wrong ip
      localise-queries = true;
      ## IPv6 is not a thing in Spain so I'm guaranteed to not use it
@ -29,11 +27,11 @@

  # Add tailscale hosts
  networking.hosts = {
-    "100.73.96.48" = [ "everest" ];
-    "100.113.139.93" = [ "archie" ];
-    "100.85.48.85" = [ "steamdeck" ];
-    "100.96.92.13" = [ "surfecego" ];
-    "100.106.73.20" = [ "winmax2" ];
+    "100.73.96.48" = ["everest"];
+    "100.113.139.93" = ["archie"];
+    "100.85.48.85" = ["steamdeck"];
+    "100.96.92.13" = ["surfecego"];
+    "100.106.73.20" = ["winmax2"];
  };

  # Dnsmasq conflicts with the resolved dns stub listener
--- a/roles/server/endlessh.nix
+++ b/roles/server/endlessh.nix
@ -1,10 +1,8 @@
-{ config, ... }: 
-
-{
-	# I prefer using the go implementation
-	services.endlessh-go = {
-		enable = true;
-		openFirewall = true;
-		extraOptions =  [ "-alsologtostderr" "-v=1"] ;
-	};
-}
+{config, ...}: {
+  # I prefer using the go implementation
+  services.endlessh-go = {
+    enable = true;
+    openFirewall = true;
+    extraOptions = ["-alsologtostderr" "-v=1"];
+  };
+}
--- a/roles/server/forgejo.nix
+++ b/roles/server/forgejo.nix
@ -1,6 +1,8 @@
-{ config, lib, ... }:
-
 {
+  config,
+  lib,
+  ...
+}: {
  specialisation.forgejoEnableRegistration.configuration.services.forgejo.settings.service.DISABLE_REGISTRATION = false;
  services.forgejo = {
    enable = true;
@ -22,7 +24,7 @@
  };

  # Add a cname for forgejo
-  services.dnsmasq.settings.cname = [ "git.everest.sable-pancake.ts.net,everest" ];
+  services.dnsmasq.settings.cname = ["git.everest.sable-pancake.ts.net,everest"];

  # Set up traefik as the reverse proxy for Forgejo
  services.traefik = {
@ -35,7 +37,7 @@
          };
        };
        services.forgejo.loadBalancer.servers = [
-          { url = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; }
+          {url = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";}
        ];
      };
    };
--- a/roles/server/minecraft.nix
+++ b/roles/server/minecraft.nix
@ -1,115 +1,116 @@
-{ config, pkgs, flakeSelf, ... }:
-let
-	atfc = builtins.fetchurl {
-		url = "https://www.curseforge.com/api/v1/mods/813246/files/4732590/download";
-		sha256 = "0yl6ixmhfgqvcj3kfshpf8fy42vkkmjbn7d7yg86jx0ykiiq5f9x";
-	};
-	puffish_skills = builtins.fetchurl {
-		url = "https://www.curseforge.com/api/v1/mods/835091/files/4747353/download";
-		sha256 = "1pwx8zqih019l12lrmllrjv2al0mjzwj4p5qmc4ps1g555jy8qil";
-	};
-	spark = builtins.fetchurl {
-		url = "https://www.curseforge.com/api/v1/mods/361579/files/4505375/download";
-		sha256 = "1708lrx1nif0mvf7ambw8504j12wbn0vm69wsh21p8ylqpql1s4x";
-	};
-	
-	port = 25565;
-	users = config.users;
-in
 {
-	users = {
-		groups.minecraft = {
-			members = [ "toast" ];
-			gid = 987;
-		};
-		users.atfc = {
-			isSystemUser = true;
-			uid = 988;
-			group = "minecraft";
-			home = "/var/lib/minecraft/atfc";
-			homeMode = "750";
-			createHome = true;
-		};
-	};
-	
-	virtualisation.oci-containers = {
-		containers."minecraft-atfc" = {
-			autoStart = true;
-			image = "itzg/minecraft-server";
-			#user = "${toString users.users.atfc.uid}:${toString users.groups.minecraft.gid}";
-			environment = {
-				TZ = "Europe/Madrid";
-				EULA = "true";
-				TYPE = "forge";
-				MEMORY = "2G";
-				UID = toString users.users.atfc.uid;
-				GID = toString users.groups.minecraft.gid;
-				VERSION = "1.18.2";
-				FORGE_VERSION = "40.2.10";
-				GENERIC_PACK = "/modpack.zip";
-				#USE_AIKAR_FLAGS = "true";
-				
-				#STOP_DURATION = "70";
-				STOP_SERVER_ANNOUNCE_DELAY = "25";
+  config,
+  pkgs,
+  flakeSelf,
+  ...
+}: let
+  atfc = builtins.fetchurl {
+    url = "https://www.curseforge.com/api/v1/mods/813246/files/4732590/download";
+    sha256 = "0yl6ixmhfgqvcj3kfshpf8fy42vkkmjbn7d7yg86jx0ykiiq5f9x";
+  };
+  puffish_skills = builtins.fetchurl {
+    url = "https://www.curseforge.com/api/v1/mods/835091/files/4747353/download";
+    sha256 = "1pwx8zqih019l12lrmllrjv2al0mjzwj4p5qmc4ps1g555jy8qil";
+  };
+  spark = builtins.fetchurl {
+    url = "https://www.curseforge.com/api/v1/mods/361579/files/4505375/download";
+    sha256 = "1708lrx1nif0mvf7ambw8504j12wbn0vm69wsh21p8ylqpql1s4x";
+  };

-				# server.properties
-				MOTD = "Toast's modded minecraft server";
-				DIFFICULTY = "hard";
-				SNOOPER_ENABLED = "false";
-				SPAWN_PROTECTION = "0";
-				LEVEL_TYPE = "tfc:tng";
-				BROADCAST_CONSOLE_TO_OPS = "true";
-				BROADCAST_RCON_TO_OPS = "true";
-				VIEW_DISTANCE = "16";
-				MAX_PLAYERS = "4";
+  port = 25565;
+  users = config.users;
+in {
+  users = {
+    groups.minecraft = {
+      members = ["toast"];
+      gid = 987;
+    };
+    users.atfc = {
+      isSystemUser = true;
+      uid = 988;
+      group = "minecraft";
+      home = "/var/lib/minecraft/atfc";
+      homeMode = "750";
+      createHome = true;
+    };
+  };

-				RCON_CMDS_LAST_DISCONNECT = "save-all";
-				
-				OPS = "b3ca4afb-a3da-4a78-85c3-2292fd0787e2,0cb3d02a-1d1f-4d7f-b70c-bd53dc155cff";
-				EXISTING_OPS_FILE = "synchronize";
+  virtualisation.oci-containers = {
+    containers."minecraft-atfc" = {
+      autoStart = true;
+      image = "itzg/minecraft-server";
+      #user = "${toString users.users.atfc.uid}:${toString users.groups.minecraft.gid}";
+      environment = {
+        TZ = "Europe/Madrid";
+        EULA = "true";
+        TYPE = "forge";
+        MEMORY = "2G";
+        UID = toString users.users.atfc.uid;
+        GID = toString users.groups.minecraft.gid;
+        VERSION = "1.18.2";
+        FORGE_VERSION = "40.2.10";
+        GENERIC_PACK = "/modpack.zip";
+        #USE_AIKAR_FLAGS = "true";

-				WHITELIST = "b3ca4afb-a3da-4a78-85c3-2292fd0787e2,0cb3d02a-1d1f-4d7f-b70c-bd53dc155cff,03f080e8-ce8e-4b90-a312-734747ce7db0,ea88f690-cf46-4416-bfd5-6f6b165885f7";
-				EXISTING_WHITELIST_FILE = "synchronize";
+        #STOP_DURATION = "70";
+        STOP_SERVER_ANNOUNCE_DELAY = "25";

-				# Auto pause needs this
-				MAX_TICK_TIME = "-1";
-				AUTOPAUSE_KNOCK_INTERFACE = "tap0";
-				ENABLE_AUTOPAUSE = "true";
-			};
-			extraOptions = [
-			 "--network=slirp4netns:port_handler=slirp4netns"
-			 "--cap-add=CAP_NET_RAW"
-			];
-			
-			volumes = [
-				"${atfc}:/modpack.zip"
-				"${puffish_skills}:/mods/puffish_skills.jar"
-				"${spark}:/mods/spark.jar"
-				"${users.users.atfc.home}:/data"
-				#"/tmp/minecraft:/data"
-			];
-			ports = [ "25565:${toString port}" ];
-		};
-	};
-	
-	networking.firewall.allowedTCPPorts = [ port ];
+        # server.properties
+        MOTD = "Toast's modded minecraft server";
+        DIFFICULTY = "hard";
+        SNOOPER_ENABLED = "false";
+        SPAWN_PROTECTION = "0";
+        LEVEL_TYPE = "tfc:tng";
+        BROADCAST_CONSOLE_TO_OPS = "true";
+        BROADCAST_RCON_TO_OPS = "true";
+        VIEW_DISTANCE = "16";
+        MAX_PLAYERS = "4";

-	# anything-sync-daemon config
-	systemd.packages = with pkgs; [ flakeSelf.packages.x86_64-linux.anything-sync-daemon ];
-	environment.systemPackages = with pkgs; [ flakeSelf.packages.x86_64-linux.anything-sync-daemon ];
-	fileSystems.minecraftTmpfs = {
-		device = "none";
-		fsType = "tmpfs";
-		mountPoint = "/mnt/minecraftTmpfs";
-		options = [ "size=4G "];
-	};
-	environment.etc."asd.conf".text =
-''WHATTOSYNC=('/var/lib/minecraft')
-VOLATILE="${config.fileSystems.minecraftTmpfs.mountPoint}"
-USE_OVERLAYFS="yes" '';
-	systemd.services.asd = {
-		wantedBy = [ "podman-minecraft-atfc.service" ];
-		before = [ "podman-minecraft-atfc.service" ];
-	};
-	
+        RCON_CMDS_LAST_DISCONNECT = "save-all";
+
+        OPS = "b3ca4afb-a3da-4a78-85c3-2292fd0787e2,0cb3d02a-1d1f-4d7f-b70c-bd53dc155cff";
+        EXISTING_OPS_FILE = "synchronize";
+
+        WHITELIST = "b3ca4afb-a3da-4a78-85c3-2292fd0787e2,0cb3d02a-1d1f-4d7f-b70c-bd53dc155cff,03f080e8-ce8e-4b90-a312-734747ce7db0,ea88f690-cf46-4416-bfd5-6f6b165885f7";
+        EXISTING_WHITELIST_FILE = "synchronize";
+
+        # Auto pause needs this
+        MAX_TICK_TIME = "-1";
+        AUTOPAUSE_KNOCK_INTERFACE = "tap0";
+        ENABLE_AUTOPAUSE = "true";
+      };
+      extraOptions = [
+        "--network=slirp4netns:port_handler=slirp4netns"
+        "--cap-add=CAP_NET_RAW"
+      ];
+
+      volumes = [
+        "${atfc}:/modpack.zip"
+        "${puffish_skills}:/mods/puffish_skills.jar"
+        "${spark}:/mods/spark.jar"
+        "${users.users.atfc.home}:/data"
+        #"/tmp/minecraft:/data"
+      ];
+      ports = ["25565:${toString port}"];
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [port];
+
+  # anything-sync-daemon config
+  systemd.packages = with pkgs; [flakeSelf.packages.x86_64-linux.anything-sync-daemon];
+  environment.systemPackages = with pkgs; [flakeSelf.packages.x86_64-linux.anything-sync-daemon];
+  fileSystems.minecraftTmpfs = {
+    device = "none";
+    fsType = "tmpfs";
+    mountPoint = "/mnt/minecraftTmpfs";
+    options = ["size=4G "];
+  };
+  environment.etc."asd.conf".text = ''    WHATTOSYNC=('/var/lib/minecraft')
+    VOLATILE="${config.fileSystems.minecraftTmpfs.mountPoint}"
+    USE_OVERLAYFS="yes" '';
+  systemd.services.asd = {
+    wantedBy = ["podman-minecraft-atfc.service"];
+    before = ["podman-minecraft-atfc.service"];
+  };
 }
--- a/roles/server/nfs.nix
+++ b/roles/server/nfs.nix
@ -1,36 +1,38 @@
-{ config, lib, ... }:
-
 {
-	services = {
-		nfs.server = {
-			enable = true;
-			exports = ''
-	${config.services.transmission.settings.download-dir} *.sable-pancake.ts.net(ro,all_squash,anonuid=${toString config.users.users.transmission.uid},anongid=${toString config.users.groups.transmission.gid})
-					'';
-					# NFSv3 uses random ports, so you need to make them static to be able to pass though the firewall
-					statdPort = 4000;
-					lockdPort = 4001;
-					mountdPort = 4002;
-		};
+  config,
+  lib,
+  ...
+}: {
+  services = {
+    nfs.server = {
+      enable = true;
+      exports = ''
+        ${config.services.transmission.settings.download-dir} *.sable-pancake.ts.net(ro,all_squash,anonuid=${toString config.users.users.transmission.uid},anongid=${toString config.users.groups.transmission.gid})
+      '';
+      # NFSv3 uses random ports, so you need to make them static to be able to pass though the firewall
+      statdPort = 4000;
+      lockdPort = 4001;
+      mountdPort = 4002;
+    };

-		avahi.extraServiceFiles = {
-			Transmission-downloads-nfs = ''
-<?xml version="1.0" standalone='no'?>
-<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
-<service-group>
-	<name replace-wildcards="yes">Transmission Downloads on %h (NFS)</name>
-	<service>
-		<type>_nfs._tcp</type>
-		<port>2049</port>
-		<txt-record>path=${config.services.transmission.settings.download-dir}</txt-record>
-	</service>
-</service-group>
-'';
-		};
-	};
+    avahi.extraServiceFiles = {
+      Transmission-downloads-nfs = ''
+        <?xml version="1.0" standalone='no'?>
+        <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
+        <service-group>
+        	<name replace-wildcards="yes">Transmission Downloads on %h (NFS)</name>
+        	<service>
+        		<type>_nfs._tcp</type>
+        		<port>2049</port>
+        		<txt-record>path=${config.services.transmission.settings.download-dir}</txt-record>
+        	</service>
+        </service-group>
+      '';
+    };
+  };

-	networking.firewall = {
-		allowedTCPPorts = [ 111 2049 4000 40001 4002 ]; 
-		allowedUDPPorts = [ 111 2049 4000 40001 4002 ];
-	};
+  networking.firewall = {
+    allowedTCPPorts = [111 2049 4000 40001 4002];
+    allowedUDPPorts = [111 2049 4000 40001 4002];
+  };
 }
--- a/roles/server/samba.nix
+++ b/roles/server/samba.nix
@ -1,37 +1,39 @@
-{ config, lib, ... }:
-
 {
-	services = {
-		samba = {
-			enable = true;
-			openFirewall = true;
-			extraConfig = ''
-map to guest = bad user
-guest account = transmission
-'';
-			shares = {
-				"Transmission downloads" = {
-					path = "${config.services.transmission.settings.download-dir}";
-					"read only" = true;
-					public = true;
-					"guest only" = true;
-					browseable = true;
-				};
-			};
-		};
+  config,
+  lib,
+  ...
+}: {
+  services = {
+    samba = {
+      enable = true;
+      openFirewall = true;
+      extraConfig = ''
+        map to guest = bad user
+        guest account = transmission
+      '';
+      shares = {
+        "Transmission downloads" = {
+          path = "${config.services.transmission.settings.download-dir}";
+          "read only" = true;
+          public = true;
+          "guest only" = true;
+          browseable = true;
+        };
+      };
+    };

-		avahi.extraServiceFiles = {
-			Transmission-downloads-smb = ''
-<?xml version="1.0" standalone='no'?>
-<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
-<service-group>
-	<name replace-wildcards="yes">SMB shares on %h</name>
-	<service>
-		<type>_smb._tcp</type>
-		<port>139</port>
-	</service>
-</service-group>
-'';
-		};
-	};
+    avahi.extraServiceFiles = {
+      Transmission-downloads-smb = ''
+        <?xml version="1.0" standalone='no'?>
+        <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
+        <service-group>
+        	<name replace-wildcards="yes">SMB shares on %h</name>
+        	<service>
+        		<type>_smb._tcp</type>
+        		<port>139</port>
+        	</service>
+        </service-group>
+      '';
+    };
+  };
 }
--- a/roles/server/ssh.nix
+++ b/roles/server/ssh.nix
@ -1,12 +1,10 @@
-{ config, ... }:
-
-{
-	services.openssh = {
-		enable = true;
-		settings = {
-			PermitRootLogin = "no";
-			PasswordAuthentication = false;
-		};
-		startWhenNeeded = true;
-	};
+{config, ...}: {
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "no";
+      PasswordAuthentication = false;
+    };
+    startWhenNeeded = true;
+  };
 }
--- a/roles/server/syncthing.nix
+++ b/roles/server/syncthing.nix
@ -1,57 +1,55 @@
-{ config, ... }:
+{config, ...}: {
+  services.syncthing = {
+    enable = true;
+    key = config.age.secrets.syncthingKey.path;
+    cert = config.age.secrets.syncthingCert.path;
+    guiAddress = "0.0.0.0:8384";
+    settings.folders = {
+      "passwords" = {
+        path = "${config.services.syncthing.dataDir}/passwords";
+      };
+      "school-things" = {
+        label = "School things";
+        id = "z6alc-nfoqr";
+        devices = ["steamdeck" "server" "pc" "winmax2"];
+        path = "${config.services.syncthing.dataDir}/school-things";
+      };
+      "steam-201810" = {
+        label = "Wolfenstein The New Order Saves";
+        id = "laxxf-t2wmy";
+        devices = ["steamdeck" "server" "pc" "winmax2"];
+        path = "${config.services.syncthing.dataDir}/steam-201810";
+      };
+      "retroarch" = {
+        label = "RetroArch";
+        id = "jxuou-2yjnu";
+        devices = ["steamdeck" "server" "pc" "winmax2"];
+        path = "${config.services.syncthing.dataDir}/retroarch";
+      };
+    };
+  };
+  systemd.services.syncthing.serviceConfig = {
+    # Allow syncthing to change ownership of files
+    AmbientCapabilities = "CAP_CHOWN CAP_FOWNER";
+  };

-{
-	services.syncthing = {
-		enable = true;
-		key = config.age.secrets.syncthingKey.path;
-		cert = config.age.secrets.syncthingCert.path;
-		guiAddress = "0.0.0.0:8384";
-		settings.folders = {
-			"passwords" = {
-				path = "${config.services.syncthing.dataDir}/passwords";
-			};
-			"school-things" = {
-				label = "School things";
-				id = "z6alc-nfoqr";
-				devices = [ "steamdeck" "server" "pc" "winmax2" ];
-				path = "${config.services.syncthing.dataDir}/school-things";
-			};
-			"steam-201810" = {
-				label = "Wolfenstein The New Order Saves";
-				id = "laxxf-t2wmy";
-				devices = [ "steamdeck" "server" "pc" "winmax2" ];
-				path = "${config.services.syncthing.dataDir}/steam-201810";
-			};
-			"retroarch"= {
-			label = "RetroArch";
-			id = "jxuou-2yjnu";
-			devices = [ "steamdeck" "server" "pc" "winmax2" ];
-			path = "${config.services.syncthing.dataDir}/retroarch";
-		};
-		};
-	};
-	systemd.services.syncthing.serviceConfig = {
-		# Allow syncthing to change ownership of files
-		AmbientCapabilities = "CAP_CHOWN CAP_FOWNER";
-	};
+  # Add a cname for syncthing
+  services.dnsmasq.settings.cname = ["sync.everest.sable-pancake.ts.net,everest"];

-	# Add a cname for syncthing
-	services.dnsmasq.settings.cname = [ "sync.everest.sable-pancake.ts.net,everest" ];
-
-	# Set up traefik as the reverse proxy for syncthing
-	services.traefik = {
-		dynamicConfigOptions = {
-			http = {
-				routers = {
-					syncthing-subdomain = {
-						rule = "Host(`sync.everest.sable-pancake.ts.net`)";
-						service = "syncthing";
-					};
-				};
-				services.syncthing.loadBalancer.servers = [
-					{ url = "http://localhost:8384"; }
-				];
-			};
-		};
-	};
+  # Set up traefik as the reverse proxy for syncthing
+  services.traefik = {
+    dynamicConfigOptions = {
+      http = {
+        routers = {
+          syncthing-subdomain = {
+            rule = "Host(`sync.everest.sable-pancake.ts.net`)";
+            service = "syncthing";
+          };
+        };
+        services.syncthing.loadBalancer.servers = [
+          {url = "http://localhost:8384";}
+        ];
+      };
+    };
+  };
 }
--- a/roles/server/tailscale.nix
+++ b/roles/server/tailscale.nix
@ -1,8 +1,6 @@
-{ config, ... }:
-
-{
-	services.tailscale = {
-		# This is needed for being an exit node
-		useRoutingFeatures = "server";
-	};
+{config, ...}: {
+  services.tailscale = {
+    # This is needed for being an exit node
+    useRoutingFeatures = "server";
+  };
 }
--- a/roles/server/traefik.nix
+++ b/roles/server/traefik.nix
@ -1,33 +1,31 @@
-{ config, ... }:
+{config, ...}: {
+  specialisation.traefikEnableWebUI.configuration.services.traefik = {
+    staticConfigOptions = {
+      api = {
+        # Enable the web ui
+        insecure = true;
+        dashboard = true;
+      };
+    };
+  };

-{
-	specialisation.traefikEnableWebUI.configuration.services.traefik = {
-		staticConfigOptions = {
-			api = {
-				# Enable the web ui
-				insecure = true;
-				dashboard = true;
-			};
-		};
-	};
-	
-	services.traefik = {
-		enable = true;
-		staticConfigOptions = {
-			entryPoints = {
-				http = { address = "100.73.96.48:80"; };
-			};
-		};
-	};
+  services.traefik = {
+    enable = true;
+    staticConfigOptions = {
+      entryPoints = {
+        http = {address = "100.73.96.48:80";};
+      };
+    };
+  };

-	systemd = {
-		units.tailscaled.requiredBy = [ "traefik.service" ];
-		# We have somewhat frequent power outages, and our ISP router takes
-		# ages to boot up. If I don't add a delay, traefik tries to bind to
-		# the tailscale interface before it's ready, making it crash too much
-		# in too little time
-		services.traefik.serviceConfig.RestartSec = 120;
-	};
+  systemd = {
+    units.tailscaled.requiredBy = ["traefik.service"];
+    # We have somewhat frequent power outages, and our ISP router takes
+    # ages to boot up. If I don't add a delay, traefik tries to bind to
+    # the tailscale interface before it's ready, making it crash too much
+    # in too little time
+    services.traefik.serviceConfig.RestartSec = 120;
+  };

-	networking.firewall.allowedTCPPorts = [ 80 8080 ];
+  networking.firewall.allowedTCPPorts = [80 8080];
 }
--- a/roles/server/transmission.nix
+++ b/roles/server/transmission.nix
@ -1,34 +1,32 @@
-{ config , ... }:
+{config, ...}: {
+  services.transmission = {
+    enable = true;
+    openFirewall = true;
+    settings = {
+      incomplete-dir-enabled = false;
+      rpc-bind-address = "0.0.0.0";
+      rpc-host-whitelist = "transmission.everest.sable-pancake.ts.net";
+      rpc-whitelist = "127.0.0.1";
+    };
+  };

-{
-	services.transmission = {
-		enable = true;
-		openFirewall = true;
-		settings = {
-			incomplete-dir-enabled = false;
-			rpc-bind-address = "0.0.0.0";
-			rpc-host-whitelist = "transmission.everest.sable-pancake.ts.net";
-			rpc-whitelist = "127.0.0.1";
-		};
-	};
+  # Add a cname for transmission
+  services.dnsmasq.settings.cname = ["transmission.everest.sable-pancake.ts.net,everest"];

-	# Add a cname for transmission
-	services.dnsmasq.settings.cname = [ "transmission.everest.sable-pancake.ts.net,everest" ];
-
-	# Set up traefik as the reverse proxy for transmission
-	services.traefik = {
-		dynamicConfigOptions = {
-			http = {
-				routers = {
-					transmission-subdomain = {
-						rule = "Host(`transmission.everest.sable-pancake.ts.net`)";
-						service = "transmission";
-					};
-				};
-				services.transmission.loadBalancer.servers = [
-					{ url = "http://localhost:${toString config.services.transmission.settings.rpc-port}"; }
-				];
-			};
-		};
-	};
+  # Set up traefik as the reverse proxy for transmission
+  services.traefik = {
+    dynamicConfigOptions = {
+      http = {
+        routers = {
+          transmission-subdomain = {
+            rule = "Host(`transmission.everest.sable-pancake.ts.net`)";
+            service = "transmission";
+          };
+        };
+        services.transmission.loadBalancer.servers = [
+          {url = "http://localhost:${toString config.services.transmission.settings.rpc-port}";}
+        ];
+      };
+    };
+  };
 }