Cleanup

Addressed some things nixd complained about

modules/nixos/apps/yubikey/default.nix

@@ -1,14 +1,14 @@
 {
-  options,
   config,
   pkgs,
   lib,
   ...
-}:
+}: let
-with lib; let
+  inherit (lib) mkEnableOption mkIf;
+
   cfg = config.aa.apps.yubikey;
 in {
-  options.aa.apps.yubikey = with types; {
+  options.aa.apps.yubikey = {
     enable = mkEnableOption "yubikey";
   };
 
@@ -25,7 +25,6 @@ in {
 
     security.pam.yubico = {
       enable = true;
-      #debug = true;
       mode = "challenge-response";
       # Uncomment below for 2FA
       #control = "required";

modules/nixos/archetypes/workstation/default.nix

@@ -1,14 +1,13 @@
 {
-  options,
   config,
-  pkgs,
   lib,
   ...
-}:
+}: let
-with lib; let
+  inherit (lib) mkIf mkEnableOption;
+
   cfg = config.aa.archetypes.workstation;
 in {
-  options.aa.archetypes.workstation = with types; {
+  options.aa.archetypes.workstation = {
     enable = mkEnableOption "workstation archetype";
   };
 

modules/nixos/hardware/audio/default.nix

@@ -1,14 +1,14 @@
 {
-  options,
   config,
   lib,
   pkgs,
   ...
-}:
+}: let
-with lib; let
+  inherit (lib) mkEnableOption mkIf;
+
   cfg = config.aa.hardware.audio;
 in {
-  options.aa.hardware.audio = with types; {
+  options.aa.hardware.audio = {
     enable = mkEnableOption "audio";
   };
 

modules/nixos/hardware/bluetooth/default.nix

@@ -1,14 +1,13 @@
 {
-  options,
   config,
   lib,
-  pkgs,
   ...
-}:
+}: let
-with lib; let
+  inherit (lib) mkIf mkEnableOption;
+
   cfg = config.aa.hardware.bluetooth;
 in {
-  options.aa.hardware.bluetooth = with types; {
+  options.aa.hardware.bluetooth = {
     enable = mkEnableOption "bluetooth";
   };
 
@@ -17,4 +16,3 @@ in {
     services.blueman.enable = true;
   };
 }
-

modules/nixos/hardware/tlp/default.nix

@@ -1,14 +1,13 @@
 {
-  options,
   config,
-  pkgs,
   lib,
   ...
-}:
+}: let
-with lib; let
+  inherit (lib) mkEnableOption mkIf;
+
   cfg = config.aa.hardware.tlp;
 in {
-  options.aa.hardware.tlp = with types; {
+  options.aa.hardware.tlp = {
     enable = mkEnableOption "tlp";
   };
 

modules/nixos/nix/default.nix

@@ -1,18 +1,18 @@
 {
-  options,
   config,
   pkgs,
   lib,
   ...
-}:
+}: let
-with lib; let
+  inherit (lib) mkIf mkEnableOption mkOption types;
+
   cfg = config.aa.nix;
   selfHostedCacheHost = "https://cache.kilonull.com/";
 in {
-  options.aa.nix = with types; {
+  options.aa.nix = {
     enable = mkEnableOption "manage nix configuration.";
     package = mkOption {
-      type = package;
+      type = types.package;
       default = pkgs.nixVersions.git;
       description = "Which nix package to use.";
     };
@@ -46,9 +46,8 @@ in {
           ]
           else [];
         trusted-public-keys =
-          if cfg.useSelfhostedCache
+          mkIf cfg.useSelfhostedCache
-          then ["gospelCache:9cbn8Wm54BbwpPS0TXw+15wrYZBpfOJt4Fzfbfcq/pc="]
+          ["gospelCache:9cbn8Wm54BbwpPS0TXw+15wrYZBpfOJt4Fzfbfcq/pc="];
-          else [];
       };
 
       # TODO: Configure distributedBuilds and buildMachines?
@@ -58,12 +57,6 @@ in {
         dates = "weekly";
         options = "--delete-older-than 30d";
       };
-
-      # TODO: Not sure if I want this
-      # flake-utils-plus
-      # generateRegistryFromInputs = true;
-      # generateNixPathFromInputs = true;
-      # linkInputs = true;
     };
   };
 }

modules/nixos/security/acme/default.nix

@@ -1,18 +1,17 @@
 {
-  options,
   config,
   lib,
-  pkgs,
+  namespace,
-  format,
   ...
-}:
+}: let
-with lib; let
+  inherit (lib) mkOption mkEnableOption mkIf types;
+
   cfg = config.aa.security.acme;
 in {
-  options.aa.security.acme = with types; {
+  options.aa.security.acme = {
     enable = mkEnableOption "Automatic Certificate Management Environment (ACME)";
     useStaging = mkOption {
-      type = bool;
+      type = types.bool;
       description = ''
         Use the staging environment (use when configuring for the first time to
         avoid being locked out).
@@ -20,16 +19,16 @@ in {
       default = false;
     };
     domainName = mkOption {
-      type = str;
+      type = types.str;
       description = "The domain to request a wildcard cert for.";
     };
     isWildcard = mkOption {
-      type = bool;
+      type = types.bool;
       default = true;
       description = "Whether or not to request a wildcard cert.";
     };
     dnsCredentialsFile = mkOption {
-      type = path;
+      type = types.path;
       description = "The path to the credentials file for the DNS provider.";
     };
   };

modules/nixos/services/adguardhome/default.nix

@@ -1,18 +1,17 @@
 {
-  options,
   config,
   lib,
-  pkgs,
+  namespace,
-  format,
   ...
-}:
+}: let
-with lib; let
+  inherit (lib) mkIf mkEnableOption mkOption types;
-  cfg = config.aa.services.adguardhome;
+
+  cfg = config.${namespace}.services.adguardhome;
 in {
-  options.aa.services.adguardhome = with types; {
+  options.${namespace}.services.adguardhome = {
     enable = mkEnableOption "adguardhome";
     acmeCertName = mkOption {
-      type = str;
+      type = types.str;
       default = "";
       description = ''
         If set to a non-empty string, forces SSL with the supplied acme

modules/nixos/services/gitea/default.nix

@@ -1,19 +1,18 @@
 {
-  options,
   config,
   lib,
-  pkgs,
+  namespace,
-  format,
   ...
-}:
+}: let
-with lib; let
+  inherit (lib) mkIf mkEnableOption mkOption types;
-  cfg = config.aa.services.gitea;
+
+  cfg = config.${namespace}.services.gitea;
   gitea_cfg = config.services.gitea;
 in {
-  options.aa.services.gitea = with types; {
+  options.${namespace}.services.gitea = {
     enable = mkEnableOption "gitea";
     acmeCertName = mkOption {
-      type = str;
+      type = types.str;
       default = "";
       description = ''
         If set to a non-empty string, forces SSL with the supplied acme

modules/nixos/services/grafana/default.nix

@@ -1,18 +1,20 @@
 {
-  options,
   config,
   lib,
   pkgs,
+  namespace,
   ...
-}:
+}: let
-with lib; let
+  inherit (lib) mkIf mkEnableOption mkOption types;
-  cfg = config.aa.services.grafana;
+
+  cfg = config.${namespace}.services.grafana;
   server_settings = config.services.grafana.settings.server;
+  grafana_dashboards = pkgs.${namespace}.teslamate-grafana-dashboards;
 in {
-  options.aa.services.grafana = with types; {
+  options.${namespace}.services.grafana = {
     enable = mkEnableOption "grafana";
     acmeCertName = mkOption {
-      type = str;
+      type = types.str;
       default = "";
       description = ''
         If set to a non-empty string, forces SSL with the supplied acme
@@ -84,7 +86,7 @@ in {
               disableDeletion = false;
               editable = true;
               updateIntervalSeconds = 86400;
-              options.path = "${pkgs.aa.teslamate-grafana-dashboards}/dashboards";
+              options.path = "${grafana_dashboards}/dashboards";
             }
             {
               name = "teslamate_internal";
@@ -95,7 +97,7 @@ in {
               disableDeletion = false;
               editable = true;
               updateIntervalSeconds = 86400;
-              options.path = "${pkgs.aa.teslamate-grafana-dashboards}/dashboards/internal";
+              options.path = "${grafana_dashboards}/dashboards/internal";
             }
           ];
         };

modules/nixos/services/homeassistant/default.nix

@@ -1,19 +1,19 @@
 {
-  options,
   config,
   lib,
   pkgs,
-  format,
+  namespace,
   ...
-}:
+}: let
-with lib; let
+  inherit (lib) mkIf mkEnableOption mkOption types;
-  cfg = config.aa.services.homeassistant;
+
+  cfg = config.${namespace}.services.homeassistant;
   hass_cfg = config.services.home-assistant;
 in {
-  options.aa.services.homeassistant = with types; {
+  options.${namespace}.services.homeassistant = {
     enable = mkEnableOption "home assistant";
     acmeCertName = mkOption {
-      type = str;
+      type = types.str;
       default = "";
       description = ''
         If set to a non-empty string, forces SSL with the supplied acme

modules/nixos/services/hydra/default.nix

@@ -1,11 +1,12 @@
 {
   config,
   lib,
+  namespace,
   ...
 }: let
-  cfg = config.aa.services.hydra;
+  cfg = config.${namespace}.services.hydra;
 in {
-  options.aa.services.hydra = with lib; {
+  options.${namespace}.services.hydra = with lib; {
     enable = mkEnableOption "hydra";
     hostname = mkOption {
       type = types.str;

modules/nixos/services/loki/default.nix

@@ -1,17 +1,17 @@
 {
   config,
   lib,
+  namespace,
   ...
-}:
+}: let
-with lib; let
+  cfg = config.${namespace}.services.loki;
-  cfg = config.aa.services.loki;
   loki = config.services.loki;
 in {
-  options.aa.services.loki = with types; {
+  options.${namespace}.services.loki = with lib; {
     enable = mkEnableOption "loki";
   };
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
     services.loki = {
       enable = true;
       configuration = {

modules/nixos/services/minio/default.nix

@@ -1,18 +1,15 @@
 {
-  options,
   config,
   lib,
-  pkgs,
+  namespace,
   ...
-}:
+}: let
-with lib; let
+  cfg = config.${namespace}.services.minio;
-  cfg = config.aa.services.minio;
-  minio_cfg = config.services.minio;
 in {
-  options.aa.services.minio = with types; {
+  options.${namespace}.services.minio = with lib; {
     enable = mkEnableOption "minio";
     acmeCertName = mkOption {
-      type = str;
+      type = types.str;
       default = "";
       description = ''
         If set to a non-empty string, forces SSL with the supplied acme
@@ -21,7 +18,7 @@ in {
     };
   };
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
     services.minio = {
       enable = true;
     };

modules/nixos/services/mosquitto/default.nix

@@ -1,19 +1,14 @@
 {
-  options,
   config,
   lib,
-  pkgs,
-  format,
   ...
-}:
+}: let
-with lib; let
   cfg = config.aa.services.mosquitto;
-  mosquitto_cfg = config.services.mosquitto;
 in {
-  options.aa.services.mosquitto = with types; {
+  options.aa.services.mosquitto = with lib; {
     enable = mkEnableOption "home assistant";
   };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
     age.secrets = {
       hass_mqtt.file = ../../../../secrets/hass_mqtt.age;
       theengs_ble_mqtt.file = ../../../../secrets/theengs_ble_mqtt.age;

modules/nixos/services/nextcloud/default.nix

@@ -3,14 +3,13 @@
   lib,
   pkgs,
   ...
-}:
+}: let
-with lib; let
   cfg = config.aa.services.nextcloud;
 in {
-  options.aa.services.nextcloud = with types; {
+  options.aa.services.nextcloud = with lib; {
     enable = mkEnableOption "nextcloud";
     acmeCertName = mkOption {
-      type = str;
+      type = types.str;
       default = "";
       description = ''
         If set to a non-empty string, forces SSL with the supplied acme
@@ -19,7 +18,7 @@ in {
     };
   };
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
     age.secrets.nextcloud_admin = {
       file = ../../../../secrets/nextcloud_admin.age;
       owner = "nextcloud";
@@ -53,7 +52,7 @@ in {
     };
 
     # nextcloud module configures nginx, just need to specify SSL stuffs here
-    services.nginx.virtualHosts.${config.services.nextcloud.hostName} = mkIf (cfg.acmeCertName != "") {
+    services.nginx.virtualHosts.${config.services.nextcloud.hostName} = lib.mkIf (cfg.acmeCertName != "") {
       forceSSL = true;
       useACMEHost = cfg.acmeCertName;
     };

modules/nixos/services/nix-serve/default.nix

@@ -1,26 +1,23 @@
 {
-  options,
   config,
   lib,
   pkgs,
-  format,
   ...
-}:
+}: let
-with lib; let
   cfg = config.aa.services.nix-serve;
 in {
-  options.aa.services.nix-serve = with types; {
+  options.aa.services.nix-serve = with lib; {
     enable = mkEnableOption "nix-serve";
     domain_name = mkOption {
-      type = str;
+      type = types.str;
       description = "The domain to use.";
     };
     subdomain_name = mkOption {
-      type = str;
+      type = types.str;
       description = "The subdomain to use.";
     };
     acmeCertName = mkOption {
-      type = str;
+      type = types.str;
       default = "";
       description = ''
         If set to a non-empty string, forces SSL with the supplied acme
@@ -29,7 +26,7 @@ in {
     };
   };
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
     nix.settings = {
       allowed-users = ["nix-serve"];
       trusted-users = ["nix-serve"];

modules/nixos/services/octoprint/default.nix

@@ -1,17 +1,14 @@
 {
-  options,
   config,
   lib,
-  pkgs,
   ...
-}:
+}: let
-with lib; let
   cfg = config.aa.services.octoprint;
 in {
-  options.aa.services.octoprint = with types; {
+  options.aa.services.octoprint = with lib; {
     enable = mkEnableOption "octoprint";
     acmeCertName = mkOption {
-      type = str;
+      type = types.str;
       default = "";
       description = ''
         If set to a non-empty string, foces SSL with the supplied acme
@@ -20,7 +17,7 @@ in {
     };
   };
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
     services.octoprint.enable = true;
 
     services.nginx = {

modules/nixos/services/openssh/default.nix

@@ -1,23 +1,18 @@
 {
-  options,
   config,
   lib,
-  pkgs,
   format,
   ...
-}:
+}: let
-with lib; let
+  inherit (lib) mkIf mkEnableOption mkOption mkDefault types;
+
   cfg = config.aa.services.openssh;
-
-  user = config.users.users.${config.aa.user.name};
-  user-id = builtins.toString user.uid;
-
   default-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmPdQcM0KCQ3YunF1gwN+B+i1Q8KrIfiUvNtgFQjTy2";
 in {
-  options.aa.services.openssh = with types; {
+  options.aa.services.openssh = {
     enable = mkEnableOption "ssh";
     authorizedKeys = mkOption {
-      type = listOf str;
+      type = types.listOf types.str;
       default = [default-key];
       description = "The public keys to authorize";
     };

modules/nixos/services/printing/default.nix

@@ -1,18 +1,15 @@
 {
-  options,
   config,
   lib,
-  pkgs,
   ...
-}:
+}: let
-with lib; let
   cfg = config.aa.apps.steam;
 in {
-  options.aa.services.printing = with types; {
+  options.aa.services.printing = with lib; {
     enable = mkEnableOption "printing";
   };
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
     # Setup printing over the network
     services.printing.enable = true;
     services.avahi = {

modules/nixos/services/prometheus/default.nix

@@ -1,23 +1,22 @@
 {
-  options,
   config,
   lib,
-  pkgs,
   ...
-}:
+}: let
-with lib; let
+  inherit (lib) mkIf;
+
   cfg = config.aa.services.prometheus;
   exporters = config.services.prometheus.exporters;
 in {
-  options.aa.services.prometheus = with types; {
+  options.aa.services.prometheus = with lib; {
     enable = mkEnableOption "prometheus";
     enableServer = mkOption {
-      type = bool;
+      type = types.bool;
       default = false;
       description = "Whether or not to enable the prometheus server";
     };
     enableNodeExporter = mkOption {
-      type = bool;
+      type = types.bool;
       default = true;
       description = "Whether or not to enable the node exporter";
     };

modules/nixos/services/promtail/default.nix

@@ -1,19 +1,15 @@
 {
-  options,
   config,
   lib,
-  pkgs,
   ...
-}:
+}: let
-with lib; let
   cfg = config.aa.services.promtail;
-  loki = config.services.loki;
 in {
-  options.aa.services.promtail = with types; {
+  options.aa.services.promtail = with lib; {
     enable = mkEnableOption "promtail";
   };
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
     services.promtail = {
       enable = true;
       configuration = {

modules/nixos/services/syncoid/default.nix

@@ -4,29 +4,30 @@
   pkgs,
   lib,
   ...
-}:
+}: let
-with lib; let
+  inherit (lib) mkIf;
+
   cfg = config.aa.services.syncoid;
 in {
-  options.aa.services.syncoid = with types; {
+  options.aa.services.syncoid = with lib; {
     enable = mkEnableOption "syncoid (ZFS snap replication)";
     commands = mkOption {
-      type = attrs;
+      type = types.attrs;
       default = {};
       description = "Commands to pass directly to syncoid, see `services.syncoid.commands`";
     };
     remoteTargetUser = mkOption {
-      type = str;
+      type = types.str;
       default = "";
       description = "The user to use on the target machine.";
     };
     remoteTargetDatasets = mkOption {
-      type = listOf str;
+      type = types.listOf types.str;
       default = [];
       description = "Datasets to be used as a remote target (e.g. a NAS's backups dataset)";
     };
     remoteTargetPublicKeys = mkOption {
-      type = listOf str;
+      type = types.listOf types.str;
       default = [];
       description = "SSH public keys that the syncoid service's user should trust";
     };
@@ -45,7 +46,7 @@ in {
         ++ [
           "destroy"
         ];
-      commands = mkAliasDefinitions options.aa.services.syncoid.commands;
+      commands = lib.mkAliasDefinitions options.aa.services.syncoid.commands;
     };
 
     environment.systemPackages = mkIf (cfg.remoteTargetUser != "") (with pkgs; [

modules/nixos/services/tailscale/default.nix

@@ -1,17 +1,17 @@
 {
-  options,
   config,
   pkgs,
   lib,
   ...
-}:
+}: let
-with lib; let
+  inherit (lib) mkIf;
+
   cfg = config.aa.services.tailscale;
 in {
-  options.aa.services.tailscale = with types; {
+  options.aa.services.tailscale = with lib; {
     enable = mkEnableOption "tailscale";
     configureClientRouting = mkOption {
-      type = bool;
+      type = types.bool;
       default = false;
       description = mdDoc ''
         Configures tailscale as a client.
@@ -20,7 +20,7 @@ in {
       '';
     };
     configureServerRouting = mkOption {
-      type = bool;
+      type = types.bool;
       default = false;
       description = mdDoc ''
         Configures tailscale as a server.

modules/nixos/services/teslamate/default.nix

@@ -1,18 +1,15 @@
 {
-  options,
   config,
   lib,
-  pkgs,
   ...
-}:
+}: let
-with lib; let
   cfg = config.aa.services.teslamate;
 in {
-  options.aa.services.teslamate = with types; {
+  options.aa.services.teslamate = with lib; {
     enable = mkEnableOption "teslamate";
 
     acmeCertName = mkOption {
-      type = str;
+      type = types.str;
       default = "";
       description = ''
         If set to a non-empty string, forces SSL with the supplied acme
@@ -21,7 +18,7 @@ in {
     };
 
     user = mkOption {
-      type = str;
+      type = types.str;
       default = "teslamate";
       description = ''
         The user that should run teslamate
@@ -29,7 +26,7 @@ in {
     };
 
     group = mkOption {
-      type = str;
+      type = types.str;
       default = "teslamate";
       description = ''
         The group that should be assigned to the user running teslamate
@@ -38,7 +35,7 @@ in {
 
     database = {
       host = mkOption {
-        type = str;
+        type = types.str;
         default = "127.0.0.1";
         description = ''
           Database host address
@@ -46,7 +43,7 @@ in {
       };
 
       name = mkOption {
-        type = str;
+        type = types.str;
         default = "teslamate";
         description = ''
           The database name
@@ -54,7 +51,7 @@ in {
       };
 
       user = mkOption {
-        type = str;
+        type = types.str;
         default = "teslamate";
         description = ''
           The user that should have access to the database
@@ -62,15 +59,15 @@ in {
       };
 
       passwordFile = mkOption {
-        type = path;
+        type = types.path;
-        description = lib.mdDoc ''
+        description = mdDoc ''
           A file containing the password corresponding to
           {option}`database.user`
         '';
       };
 
       createDatabase = mkOption {
-        type = bool;
+        type = types.bool;
         default = false;
         description = ''
           Whether to create a local database automatically.
@@ -79,7 +76,7 @@ in {
     };
   };
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
     age.secrets = {
       teslamate_encryption.file = ../../../../secrets/teslamate_encryption.age;
       teslamate_mqtt.file = ../../../../secrets/teslamate_mqtt.age;
@@ -131,8 +128,8 @@ in {
     };
     users.groups.${cfg.group} = {};
 
-    services.postgresql = optionalAttrs cfg.database.createDatabase {
+    services.postgresql = lib.optionalAttrs cfg.database.createDatabase {
-      enable = mkDefault true;
+      enable = lib.mkDefault true;
 
       ensureDatabases = [cfg.database.name];
       ensureUsers = [