switch to nixfmt

checks/flake-module.nix

@@ -1,9 +1,12 @@
-{ self, ... }: {
+{ self, ... }:
+{
   perSystem =
-    { pkgs
-    , lib
-    , ...
-    }: {
+    {
+      pkgs,
+      lib,
+      ...
+    }:
+    {
       checks = lib.optionalAttrs pkgs.stdenv.isLinux {
         test = import ./test.nix { inherit self pkgs; };
       };

checks/lib.nix

@@ -15,6 +15,8 @@ in
   # This makes `self` available in the NixOS configuration of our virtual machines.
   # This is useful for referencing modules or packages from your own flake
   # as well as importing from other flakes.
-  node.specialArgs = { inherit self; };
+  node.specialArgs = {
+    inherit self;
+  };
   imports = [ test ];
 }).config.result

checks/linkcheck/pkgs/default.nix

@@ -1,4 +1,6 @@
-{ pkgs ? import <nixpkgs> { } }:
+{
+  pkgs ? import <nixpkgs> { },
+}:
 {
   wikiextractor = pkgs.callPackage ./wikiextractor.nix { };
 }

checks/linkcheck/pkgs/wikiextractor.nix

@@ -1,8 +1,8 @@
-{ lib
-, python3
-, fetchpatch
-, fetchFromGitHub
-,
+{
+  lib,
+  python3,
+  fetchpatch,
+  fetchFromGitHub,
 }:
 
 python3.pkgs.buildPythonApplication rec {

checks/test.nix

@@ -2,28 +2,35 @@
   name = "nixos-wiki";
   nodes = {
     # `self` here is set by using specialArgs in `lib.nix`
-    wiki = { self, pkgs, config, ... }: {
-      imports = [
-        self.nixosModules.nixos-wiki
-      ];
-      networking.extraHosts = ''
-        127.0.0.1 nixos-wiki.example.com
-      '';
-      security.acme.defaults.email = "admin@example.com";
-      services.nixos-wiki = {
-        hostname = "nixos-wiki.example.com";
-        adminPasswordFile = pkgs.writeText "adminPasswordFile" "Creation-Fabric-Untrimmed3";
-        githubClientId = "Iv1.95ed182c83df1d22";
-        githubClientSecretFile = pkgs.writeText "githubClientSecretFile" "secret";
-        emergencyContact = "nixos-wiki@thalheim.io";
-        passwordSender = "nixos-wiki@thalheim.io";
-        noReplyAddress = "nixos-wiki-no-reply@thalheim.io";
+    wiki =
+      {
+        self,
+        pkgs,
+        config,
+        ...
+      }:
+      {
+        imports = [
+          self.nixosModules.nixos-wiki
+        ];
+        networking.extraHosts = ''
+          127.0.0.1 nixos-wiki.example.com
+        '';
+        security.acme.defaults.email = "admin@example.com";
+        services.nixos-wiki = {
+          hostname = "nixos-wiki.example.com";
+          adminPasswordFile = pkgs.writeText "adminPasswordFile" "Creation-Fabric-Untrimmed3";
+          githubClientId = "Iv1.95ed182c83df1d22";
+          githubClientSecretFile = pkgs.writeText "githubClientSecretFile" "secret";
+          emergencyContact = "nixos-wiki@thalheim.io";
+          passwordSender = "nixos-wiki@thalheim.io";
+          noReplyAddress = "nixos-wiki-no-reply@thalheim.io";
+        };
+        services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = {
+          enableACME = false;
+          forceSSL = false;
+        };
       };
-      services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = {
-        enableACME = false;
-        forceSSL = false;
-      };
-    };
   };
   # This is the test code that will check if our service is running correctly:
   testScript = ''

flake.nix

@@ -19,31 +19,39 @@
     sops-nix.inputs.nixpkgs-stable.follows = "";
   };
 
-  outputs = inputs@{ flake-parts, ... }:
-    flake-parts.lib.mkFlake { inherit inputs; } ({ self, lib, ... }: {
-      systems = [
-        "aarch64-linux"
-        "x86_64-linux"
+  outputs =
+    inputs@{ flake-parts, ... }:
+    flake-parts.lib.mkFlake { inherit inputs; } (
+      { self, lib, ... }:
+      {
+        systems = [
+          "aarch64-linux"
+          "x86_64-linux"
 
-        "x86_64-darwin"
-        "aarch64-darwin"
-      ];
-      imports = [
-        inputs.treefmt-nix.flakeModule
-        ./targets/flake-module.nix
-        ./modules/flake-module.nix
-        ./checks/flake-module.nix
-        ./formatter.nix
-      ];
-      perSystem = { self', system, ... }: {
+          "x86_64-darwin"
+          "aarch64-darwin"
+        ];
+        imports = [
+          inputs.treefmt-nix.flakeModule
+          ./targets/flake-module.nix
+          ./modules/flake-module.nix
+          ./checks/flake-module.nix
+          ./formatter.nix
+        ];
+        perSystem =
+          { self', system, ... }:
+          {
 
-        checks =
-          let
-            nixosMachines = lib.mapAttrs' (name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel) ((lib.filterAttrs (_: config: config.pkgs.system == system)) self.nixosConfigurations);
-            packages = lib.mapAttrs' (n: lib.nameValuePair "package-${n}") self'.packages;
-            devShells = lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells;
-          in
-          nixosMachines // packages // devShells;
-      };
-    });
+            checks =
+              let
+                nixosMachines = lib.mapAttrs' (
+                  name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel
+                ) ((lib.filterAttrs (_: config: config.pkgs.system == system)) self.nixosConfigurations);
+                packages = lib.mapAttrs' (n: lib.nameValuePair "package-${n}") self'.packages;
+                devShells = lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells;
+              in
+              nixosMachines // packages // devShells;
+          };
+      }
+    );
 }

formatter.nix

@@ -17,7 +17,8 @@
           "targets/nixos-wiki.nixos.org/secrets/*"
         ];
         programs.hclfmt.enable = true;
-        programs.nixpkgs-fmt.enable = true;
+        programs.nixfmt.enable = true;
+        programs.nixfmt.package = pkgs.nixfmt-rfc-style;
         programs.deadnix.enable = true;
         programs.ruff.format = true;
         programs.ruff.check = true;
@@ -39,8 +40,7 @@
                 provider.override (prev: {
                   homepage = builtins.replaceStrings [ "registry.terraform.io/providers" ] [
                     "registry.opentofu.org"
-                  ]
-                    prev.homepage;
+                  ] prev.homepage;
                 });
             in
             [
@@ -57,8 +57,7 @@
               ))
             ];
         };
-      }
-      // (import ./checks/linkcheck/pkgs { inherit pkgs; });
+      } // (import ./checks/linkcheck/pkgs { inherit pkgs; });
       devShells.linkcheck = pkgs.mkShell {
         packages = [
           pkgs.lychee

modules/flake-module.nix

@@ -1,4 +1,5 @@
-{ inputs, ... }: {
+{ inputs, ... }:
+{
   flake.nixosModules = {
     hcloud.imports = [
       inputs.srvos.nixosModules.server

modules/monitoring.nix

@@ -7,4 +7,3 @@
     ip6tables -D nixos-fw -p tcp --source 2a03:4000:62:fdb::/128 --dport 9273 -j nixos-fw-accept || true
   '';
 }
-

modules/nixos-wiki/backup.nix

@@ -2,46 +2,49 @@
 let
   wikiDump = "/var/lib/mediawiki/backup/wikidump.xml.zst";
 
-  mediawiki-maintenance = pkgs.runCommand "mediawiki-maintenance"
-    {
-      nativeBuildInputs = [ pkgs.makeWrapper ];
-      preferLocalBuild = true;
-    } ''
-    mkdir -p $out/bin
-    makeWrapper ${config.services.phpfpm.pools.mediawiki.phpPackage}/bin/php $out/bin/mediawiki-maintenance \
-      --set MEDIAWIKI_CONFIG ${config.services.phpfpm.pools.mediawiki.phpEnv.MEDIAWIKI_CONFIG} \
-      --add-flags ${config.services.mediawiki.finalPackage}/share/mediawiki/maintenance/run.php
-  '';
-
-  wiki-backup = pkgs.writeShellApplication
-    {
-      name = "wiki-backup";
-      runtimeInputs = [
-        config.services.postgresql.package
-        pkgs.util-linux
-      ];
-      text = ''
-        mkdir -p /var/lib/mediawiki/backup/
-        runuser -u postgres -- pg_dump --compress=zstd --format=custom mediawiki > /var/lib/mediawiki/backup/db.tmp
-        mv /var/lib/mediawiki/backup/{db.tmp,db}
+  mediawiki-maintenance =
+    pkgs.runCommand "mediawiki-maintenance"
+      {
+        nativeBuildInputs = [ pkgs.makeWrapper ];
+        preferLocalBuild = true;
+      }
+      ''
+        mkdir -p $out/bin
+        makeWrapper ${config.services.phpfpm.pools.mediawiki.phpPackage}/bin/php $out/bin/mediawiki-maintenance \
+          --set MEDIAWIKI_CONFIG ${config.services.phpfpm.pools.mediawiki.phpEnv.MEDIAWIKI_CONFIG} \
+          --add-flags ${config.services.mediawiki.finalPackage}/share/mediawiki/maintenance/run.php
       '';
-    };
+
+  wiki-backup = pkgs.writeShellApplication {
+    name = "wiki-backup";
+    runtimeInputs = [
+      config.services.postgresql.package
+      pkgs.util-linux
+    ];
+    text = ''
+      mkdir -p /var/lib/mediawiki/backup/
+      runuser -u postgres -- pg_dump --compress=zstd --format=custom mediawiki > /var/lib/mediawiki/backup/db.tmp
+      mv /var/lib/mediawiki/backup/{db.tmp,db}
+    '';
+  };
 
   # to restore:
   # $ runuser -u postgres -- pg_restore --format=custom -d mediawiki < /tmp/db
 
-  wiki-dump = pkgs.writeShellApplication
-    {
-      name = "wiki-dump";
-      runtimeInputs = [ pkgs.util-linux pkgs.coreutils ];
-      text = ''
-        mkdir -p /var/lib/mediawiki/backup/
-        runuser -u mediawiki -- ${mediawiki-maintenance}/bin/mediawiki-maintenance dumpBackup.php \
-          --full --include-files --uploads --quiet | \
-          ${pkgs.zstd}/bin/zstd > ${wikiDump}.tmp
-        mv ${wikiDump}{.tmp,}
-      '';
-    };
+  wiki-dump = pkgs.writeShellApplication {
+    name = "wiki-dump";
+    runtimeInputs = [
+      pkgs.util-linux
+      pkgs.coreutils
+    ];
+    text = ''
+      mkdir -p /var/lib/mediawiki/backup/
+      runuser -u mediawiki -- ${mediawiki-maintenance}/bin/mediawiki-maintenance dumpBackup.php \
+        --full --include-files --uploads --quiet | \
+        ${pkgs.zstd}/bin/zstd > ${wikiDump}.tmp
+      mv ${wikiDump}{.tmp,}
+    '';
+  };
 in
 {
   environment.systemPackages = [ mediawiki-maintenance ];
@@ -74,7 +77,8 @@ in
     };
   };
 
-  services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName}.locations."=/wikidump.xml.zst".alias = wikiDump;
+  services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName}.locations."=/wikidump.xml.zst".alias =
+    wikiDump;
 
   sops.secrets.storagebox-ssh-key = {
     sopsFile = ../../targets/nixos-wiki.nixos.org/secrets/backup_share_ssh_key;
@@ -113,7 +117,10 @@ in
       monthly = 3;
     };
 
-    paths = [ "/var/lib/mediawiki-uploads" "/var/lib/mediawiki/backup" ];
+    paths = [
+      "/var/lib/mediawiki-uploads"
+      "/var/lib/mediawiki/backup"
+    ];
 
     # Where to backup it to
     repo = "u391032-sub1@u391032.your-storagebox.de:wiki.nixos.org/repo";

modules/nixos-wiki/default.nix

@@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 let
   cfg = config.services.nixos-wiki;
 in
@@ -175,7 +180,9 @@ in
     # https://www.mediawiki.org/wiki/Help:Extension:Translate/Installation
     services.phpfpm.pools.mediawiki.phpOptions =
       let
-        phpVersion = builtins.replaceStrings [ "." ] [ "" ] (lib.versions.majorMinor config.services.phpfpm.pools.mediawiki.phpPackage.version);
+        phpVersion = builtins.replaceStrings [ "." ] [ "" ] (
+          lib.versions.majorMinor config.services.phpfpm.pools.mediawiki.phpPackage.version
+        );
         extensions = pkgs."php${phpVersion}Extensions";
       in
       ''
@@ -202,9 +209,10 @@ in
     '';
     systemd.services.mediawiki-init.serviceConfig.RemainAfterExit = true;
 
-
-
-    networking.firewall.allowedTCPPorts = [ 443 80 ];
+    networking.firewall.allowedTCPPorts = [
+      443
+      80
+    ];
     security.acme.acceptTerms = true;
     services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = {
       enableACME = lib.mkDefault true;

modules/nixos-wiki/extensions.nix

@@ -1,7 +1,23 @@
-{ fetchzip }: {
-  "MobileFrontend" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/MobileFrontend-REL1_42-db1bbe7.tar.gz/MobileFrontend-REL1_42-db1bbe7.tar.gz"; hash = "sha256-jHeG1pr/YEdIsrCUPKLJ6DXdOW52sYjCXex3Ns9pi4A="; };
-  "DarkMode" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/DarkMode-REL1_42-66aad97.tar.gz/DarkMode-REL1_42-66aad97.tar.gz"; hash = "sha256-xt7+yiD2oDsK0q7tsqAtYdiKcLqWr8DiWl+zAmoqQpg="; };
-  "QuickInstantCommons" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/QuickInstantCommons-REL1_42-3e6a069.tar.gz/QuickInstantCommons-REL1_42-3e6a069.tar.gz"; hash = "sha256-U7mNjhr0kI46gWForiUBKXQEYSuvME8+YVwMOVpuhm0="; };
-  "Translate" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/Translate-REL1_42-3531d86.tar.gz/Translate-REL1_42-3531d86.tar.gz"; hash = "sha256-t1fBccarl0wQTlrCM4UDJyGw8M9eCyUk7Wbk8AxRG7w="; };
-  "UniversalLanguageSelector" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/UniversalLanguageSelector-REL1_42-17bbc88.tar.gz/UniversalLanguageSelector-REL1_42-17bbc88.tar.gz"; hash = "sha256-XujlyG3K07XAzW+Vat8NZypKIpHwGCZt6bxmxH57e0M="; };
+{ fetchzip }:
+{
+  "MobileFrontend" = fetchzip {
+    url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/MobileFrontend-REL1_42-db1bbe7.tar.gz/MobileFrontend-REL1_42-db1bbe7.tar.gz";
+    hash = "sha256-jHeG1pr/YEdIsrCUPKLJ6DXdOW52sYjCXex3Ns9pi4A=";
+  };
+  "DarkMode" = fetchzip {
+    url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/DarkMode-REL1_42-66aad97.tar.gz/DarkMode-REL1_42-66aad97.tar.gz";
+    hash = "sha256-xt7+yiD2oDsK0q7tsqAtYdiKcLqWr8DiWl+zAmoqQpg=";
+  };
+  "QuickInstantCommons" = fetchzip {
+    url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/QuickInstantCommons-REL1_42-3e6a069.tar.gz/QuickInstantCommons-REL1_42-3e6a069.tar.gz";
+    hash = "sha256-U7mNjhr0kI46gWForiUBKXQEYSuvME8+YVwMOVpuhm0=";
+  };
+  "Translate" = fetchzip {
+    url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/Translate-REL1_42-3531d86.tar.gz/Translate-REL1_42-3531d86.tar.gz";
+    hash = "sha256-t1fBccarl0wQTlrCM4UDJyGw8M9eCyUk7Wbk8AxRG7w=";
+  };
+  "UniversalLanguageSelector" = fetchzip {
+    url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/UniversalLanguageSelector-REL1_42-17bbc88.tar.gz/UniversalLanguageSelector-REL1_42-17bbc88.tar.gz";
+    hash = "sha256-XujlyG3K07XAzW+Vat8NZypKIpHwGCZt6bxmxH57e0M=";
+  };
 }

targets/flake-module.nix

@@ -4,22 +4,23 @@ let
   configs = builtins.filter (dir: builtins.pathExists (./. + "/${dir}/configuration.nix")) entries;
 in
 {
-  flake.nixosConfigurations = lib.listToAttrs
-    (builtins.map
-      (name:
-        lib.nameValuePair
-          (builtins.replaceStrings [ "." ] [ "-" ] name)
-          (lib.nixosSystem {
-            system = "x86_64-linux";
-            # Make flake available in modules
-            specialArgs = {
-              self = {
-                inputs = self.inputs;
-                nixosModules = self.nixosModules;
-              };
+  flake.nixosConfigurations = lib.listToAttrs (
+    builtins.map (
+      name:
+      lib.nameValuePair (builtins.replaceStrings [ "." ] [ "-" ] name) (
+        lib.nixosSystem {
+          system = "x86_64-linux";
+          # Make flake available in modules
+          specialArgs = {
+            self = {
+              inputs = self.inputs;
+              nixosModules = self.nixosModules;
             };
+          };
 
-            modules = [ (./. + "/${name}/configuration.nix") ];
-          }))
-      configs);
+          modules = [ (./. + "/${name}/configuration.nix") ];
+        }
+      )
+    ) configs
+  );
 }

targets/nixos-wiki.nixos.org/configuration.nix

@@ -1,4 +1,9 @@
-{ self, lib, config, ... }:
+{
+  self,
+  lib,
+  config,
+  ...
+}:
 let
   nixosVars = builtins.fromJSON (builtins.readFile ./nixos-vars.json);
 in