first pass using statix linter

2024-03-10 17:26:18 +00:00 · 2024-03-10 17:26:18 +00:00 · 94eb79d5c6
parent 0e271b08c4
commit 94eb79d5c6
46 changed files with 81 additions and 85 deletions
--- a/extras/mk-enc-usb.nix
+++ b/extras/mk-enc-usb.nix
@ -5,7 +5,7 @@
  writeShellApplication,
 }: let
  encryptedUSBData = import ../data/drives/encryptedUSB.nix;
-in (writeShellApplication {
+in writeShellApplication {
  name = "mk-enc-usb";
  runtimeInputs = [
    parted
@ -48,4 +48,4 @@ in (writeShellApplication {
    echo "Naming Partitions"
    parted "$USB_DEVICE" -- name 1 ${encryptedUSBData.encryptedPartLabel}
  '';
-})
+}
--- a/extras/mk-encrypted-drive.nix
+++ b/extras/mk-encrypted-drive.nix
@ -6,7 +6,7 @@
  writeShellApplication,
 }: let
  driveData = import ../data/drives/encryptedDrive.nix;
-in (writeShellApplication {
+in writeShellApplication {
  name = "mk-encrypted-drive";
  runtimeInputs = [
    parted
@ -82,4 +82,4 @@ in (writeShellApplication {

    echo "mount /dev/mapper/mk_encrypted_drive to install"
  '';
-})
+}
--- a/extras/mk-raspberry-ext-drive.nix
+++ b/extras/mk-raspberry-ext-drive.nix
@ -5,7 +5,7 @@
  writeShellApplication,
 }: let
  externalDriveData = import ../data/drives/raspberryExternalDrive.nix;
-in (writeShellApplication {
+in writeShellApplication {
  name = "mk-raspberry-ext-drive";
  runtimeInputs = [
    util-linux
@ -64,4 +64,4 @@ in (writeShellApplication {
    echo "Closing mapper device"
    cryptsetup close "mk-raspberry-ext-drive"
  '';
-})
+}
--- a/flake.nix
+++ b/flake.nix
@ -42,5 +42,5 @@
    food-site.inputs.flake-compat.follows = "flake-compat";
  };

-  outputs = {...} @ inputs: import ./outputs.nix inputs;
+  outputs = inputs: import ./outputs.nix inputs;
 }
--- a/home/musicLibrary.nix
+++ b/home/musicLibrary.nix
@ -5,7 +5,7 @@
  ...
 }: let
  # Requires secrets.{restic_music_env}
-  secrets = nixosConfig.services.secrets.secrets;
+  inherit (nixosConfig.services.secrets) secrets;
 in {
  imports = with tree; [
    home.apps.rclone
--- a/home/programming/languages/nix.nix
+++ b/home/programming/languages/nix.nix
@ -1,5 +1,5 @@
 {pkgs, ...}: {
-  home.packages = with pkgs; [alejandra deadnix];
+  home.packages = with pkgs; [alejandra deadnix statix];

  programs.vscode-mod.extensions = with pkgs; [
    vscode-extensions.bbenoist.nix
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -1,3 +1,3 @@
-{...} @ inputs: {
+inputs: {
  nixosConfigurations = import ./nixos.nix inputs;
 }
--- a/hosts/hetzner-arm/containers/caldav/profiles/radicale.nix
+++ b/hosts/hetzner-arm/containers/caldav/profiles/radicale.nix
@ -1,5 +1,5 @@
 {config, ...}: let
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;
 in {
  services.radicale = {
    enable = true;
--- a/hosts/hetzner-arm/containers/caldav/profiles/restic.nix
+++ b/hosts/hetzner-arm/containers/caldav/profiles/restic.nix
@ -5,7 +5,7 @@
  ...
 }: let
  backupSchedules = import "${self}/data/backupSchedules.nix";
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;
 in {
  environment.systemPackages = with pkgs; [
    restic
--- a/hosts/hetzner-arm/containers/forgejo/profiles/restic.nix
+++ b/hosts/hetzner-arm/containers/forgejo/profiles/restic.nix
@ -5,7 +5,7 @@
  ...
 }: let
  backupSchedules = import "${self}/data/backupSchedules.nix";
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;
 in {
  environment.systemPackages = with pkgs; [
    restic
--- a/hosts/hetzner-arm/containers/grocy/profiles/restic.nix
+++ b/hosts/hetzner-arm/containers/grocy/profiles/restic.nix
@ -4,7 +4,7 @@
  config,
  ...
 }: let
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;
  backupSchedules = import "${self}/data/backupSchedules.nix";
 in {
  environment.systemPackages = with pkgs; [
--- a/hosts/hetzner-arm/containers/jellyfin/profiles/mediaMount.nix
+++ b/hosts/hetzner-arm/containers/jellyfin/profiles/mediaMount.nix
@ -3,7 +3,7 @@
  pkgs,
  ...
 }: let
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;
  rcloneMedia = pkgs.writeShellScriptBin "rclone-media" ''
    ${pkgs.rclone}/bin/rclone --config ${secrets.rclone_config.path} "$@"
  '';
--- a/hosts/hetzner-arm/containers/jellyfin/profiles/restic.nix
+++ b/hosts/hetzner-arm/containers/jellyfin/profiles/restic.nix
@ -4,7 +4,7 @@
  config,
  ...
 }: let
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;
  backupSchedules = import "${self}/data/backupSchedules.nix";
 in {
  environment.systemPackages = with pkgs; [
--- a/hosts/hetzner-arm/containers/mail/modules/mailserver/dovecot.nix
+++ b/hosts/hetzner-arm/containers/mail/modules/mailserver/dovecot.nix
@ -36,7 +36,7 @@
    EOF
  '';
 in {
-  config = mkIf (mailConfig.enable) {
+  config = mkIf mailConfig.enable {
    services.dovecot2 = {
      enable = true;
      enableImap = true;
--- a/hosts/hetzner-arm/containers/mail/modules/mailserver/opendkim.nix
+++ b/hosts/hetzner-arm/containers/mail/modules/mailserver/opendkim.nix
@ -19,7 +19,7 @@
  keyDir = mailConfig.dkim.directory;
  selector = "mail";

-  domains = mailConfig.domains;
+  inherit (mailConfig) domains;

  createDomainDkimCert = dom: let
    dkimKey = "${keyDir}/${dom}.${selector}.key";
@ -51,7 +51,7 @@ in {
  config = mkIf (mailConfig.enable && mailConfig.dkim.enable) {
    services.opendkim = {
      enable = true;
-      selector = selector;
+      inherit selector;
      keyPath = keyDir;
      domains = "csl:${concatStringsSep "," domains}";
      configFile = toFile "opendkim.conf" (''
--- a/hosts/hetzner-arm/containers/mail/modules/mailserver/postfix.nix
+++ b/hosts/hetzner-arm/containers/mail/modules/mailserver/postfix.nix
@ -34,7 +34,7 @@

  extraAliasesCombinedFilePath = "/run/postfix_sending_receiving_aliases";
 in {
-  config = mkIf (mailConfig.enable) {
+  config = mkIf mailConfig.enable {
    systemd.tmpfiles.rules = mkIf (mailConfig.extraAliasesFile != null) [
      "f ${extraAliasesCombinedFilePath} 660 root root"
    ];
@ -111,7 +111,7 @@ in {
          "reject_unauth_destination"
        ];

-        policy-spf_time_limit = mkIf (mailConfig.spf.enable) "3600s";
+        policy-spf_time_limit = mkIf mailConfig.spf.enable "3600s";

        smtpd_recipient_restrictions = flatten [
          (optional mailConfig.spf.enable "check_policy_service unix:private/policy-spf")
@ -158,7 +158,7 @@ in {
        milter_mail_macros = "i {mail_addr} {client_addr} {client_name} {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}";
      };

-      submissionOptions = submissionOptions;
+      inherit submissionOptions;
      submissionsOptions = submissionOptions;

      masterConfig = {
@ -167,7 +167,7 @@ in {
          # D => Delivered-To, O => X-Original-To, R => Return-Path
          args = ["flags=O"];
        };
-        "policy-spf" = mkIf (mailConfig.spf.enable) {
+        "policy-spf" = mkIf mailConfig.spf.enable {
          type = "unix";
          privileged = true;
          chroot = false;
--- a/hosts/hetzner-arm/containers/mail/modules/mailserver/ssl.nix
+++ b/hosts/hetzner-arm/containers/mail/modules/mailserver/ssl.nix
@ -16,7 +16,7 @@ in {
        serverAliases = mailConfig.domains;
        forceSSL = true;
        enableACME = true;
-        acmeRoot = acmeRoot;
+        inherit acmeRoot;
      };
    };

--- a/hosts/hetzner-arm/containers/mail/modules/mailserver/vmail.nix
+++ b/hosts/hetzner-arm/containers/mail/modules/mailserver/vmail.nix
@ -10,11 +10,11 @@

  mailConfig = config.services.mailserver;

-  vmail = mailConfig.vmail;
+  inherit (mailConfig) vmail;
  vmailUser = vmail.user;
  vmailGroup = vmail.group;

-  sieveDirectory = mailConfig.sieveDirectory;
+  inherit (mailConfig) sieveDirectory;

  scriptForUser = name: config:
    if builtins.isString config.sieveScript
@ -39,7 +39,7 @@
    ${concatStringsSep "\n" (mapAttrsToList (name: config: scriptForUser name config) mailConfig.accounts)}
  '';
 in {
-  config = mkIf (mailConfig.enable) {
+  config = mkIf mailConfig.enable {
    users.users."${vmailUser}" = {
      isSystemUser = true;

--- a/hosts/hetzner-arm/containers/mail/profiles/mailserver.nix
+++ b/hosts/hetzner-arm/containers/mail/profiles/mailserver.nix
@ -1,5 +1,5 @@
 {config, ...}: let
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;
 in {
  services.mailserver = {
    enable = true;
--- a/hosts/hetzner-arm/containers/mail/profiles/restic.nix
+++ b/hosts/hetzner-arm/containers/mail/profiles/restic.nix
@ -5,7 +5,7 @@
  ...
 }: let
  backupSchedules = import "${self}/data/backupSchedules.nix";
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;

  mailConfig = config.services.mailserver;
 in {
--- a/hosts/hetzner-arm/containers/music/modules/mpd-fork.nix
+++ b/hosts/hetzner-arm/containers/music/modules/mpd-fork.nix
@ -34,7 +34,7 @@ with lib; let

    ${optionalString (cfg.network.listenAddress != "any") ''bind_to_address "${cfg.network.listenAddress}"''}
    ${optionalString (cfg.network.port != 6600) ''port "${toString cfg.network.port}"''}
-    ${optionalString (cfg.fluidsynth) ''
+    ${optionalString cfg.fluidsynth ''
      decoder {
              plugin "fluidsynth"
              soundfont "${pkgs.soundfont-fluid}/share/soundfonts/FluidR3_GM2-2.sf2"
@ -245,8 +245,7 @@ in {
        ExecStart = ["" "${cfg.package}/bin/mpd --systemd /run/mpd/mpd.conf"];
        RuntimeDirectory = "mpd";
        StateDirectory =
-          []
-          ++ optionals (cfg.dataDir == "/var/lib/${name}") [name]
+          optionals (cfg.dataDir == "/var/lib/${name}") [name]
          ++ optionals (cfg.playlistDirectory == "/var/lib/${name}/playlists") [name "${name}/playlists"]
          ++ optionals (cfg.musicDirectory == "/var/lib/${name}/music") [name "${name}/music"];
      };
@ -255,7 +254,7 @@ in {
    users.users = optionalAttrs (cfg.user == name) {
      "${name}" = {
        inherit uid;
-        group = cfg.group;
+        inherit (cfg) group;
        extraGroups = ["audio"];
        description = "Music Player Daemon user";
        home = "${cfg.dataDir}";
--- a/hosts/hetzner-arm/containers/music/profiles/mpd.nix
+++ b/hosts/hetzner-arm/containers/music/profiles/mpd.nix
@ -8,7 +8,7 @@
  inherit (lib.lists) forEach;

  ports = import ../data/ports.nix;
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;
 in {
  environment.systemPackages = with pkgs; [
    mpc_cli
--- a/hosts/hetzner-arm/containers/music/profiles/soulseek.nix
+++ b/hosts/hetzner-arm/containers/music/profiles/soulseek.nix
@ -4,7 +4,7 @@
  ...
 }: let
  ports = import ../data/ports.nix;
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;

  inherit (lib.modules) mkForce;
 in {
--- a/hosts/hetzner-arm/containers/owncast/profiles/restic.nix
+++ b/hosts/hetzner-arm/containers/owncast/profiles/restic.nix
@ -5,7 +5,7 @@
  ...
 }: let
  backupSchedules = import "${self}/data/backupSchedules.nix";
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;
 in {
  environment.systemPackages = with pkgs; [
    restic
--- a/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix
+++ b/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix
@ -4,7 +4,7 @@
  config,
  ...
 }: let
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;
  backupSchedules = import "${self}/data/backupSchedules.nix";

  backupPrepareCommand = "${
--- a/hosts/hetzner-arm/containers/quassel/profiles/restic.nix
+++ b/hosts/hetzner-arm/containers/quassel/profiles/restic.nix
@ -5,7 +5,7 @@
  ...
 }: let
  backupSchedules = import "${self}/data/backupSchedules.nix";
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;
 in {
  environment.systemPackages = with pkgs; [
    restic
--- a/hosts/hetzner-arm/containers/social/profiles/gotosocial.nix
+++ b/hosts/hetzner-arm/containers/social/profiles/gotosocial.nix
@ -7,7 +7,7 @@
  hostIP = containerAddresses.host;
  containerIP = containerAddresses.containers.social;

-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;
 in {
  services.gotosocial = {
    enable = true;
--- a/hosts/hetzner-arm/containers/social/profiles/restic.nix
+++ b/hosts/hetzner-arm/containers/social/profiles/restic.nix
@ -4,7 +4,7 @@
  config,
  ...
 }: let
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;
  backupSchedules = import "${self}/data/backupSchedules.nix";

  # Because gotosocial-admin isn't a seporate package we need to generate a seperate config
--- a/hosts/hetzner-arm/containers/storage/profiles/rcloneConfigs.nix
+++ b/hosts/hetzner-arm/containers/storage/profiles/rcloneConfigs.nix
@ -1,5 +1,5 @@
 {config, ...}: let
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;
 in {
  systemd.tmpfiles.rules = [
    "d /root/.config - root root"
--- a/hosts/hetzner-arm/containers/storage/profiles/rcloneServe.nix
+++ b/hosts/hetzner-arm/containers/storage/profiles/rcloneServe.nix
@ -1,5 +1,5 @@
 {config, ...}: let
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;
  ports = import ../data/ports.nix;
 in {
  systemd.tmpfiles.rules = [
--- a/hosts/hetzner-arm/containers/stream/profiles/mpd.nix
+++ b/hosts/hetzner-arm/containers/stream/profiles/mpd.nix
@ -8,7 +8,7 @@
  inherit (lib.lists) forEach;

  ports = import ../data/ports.nix;
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;
 in {
  environment.systemPackages = with pkgs; [
    mpc_cli
--- a/hosts/hetzner-arm/containers/stream/profiles/soulseek.nix
+++ b/hosts/hetzner-arm/containers/stream/profiles/soulseek.nix
@ -4,7 +4,7 @@
  ...
 }: let
  ports = import ../data/ports.nix;
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;

  inherit (lib.modules) mkForce;
 in {
--- a/hosts/lappy-t495/profiles/restic.nix
+++ b/hosts/lappy-t495/profiles/restic.nix
@ -1,5 +1,5 @@
 {config, ...}: let
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;
 in {
  services.restic.backups.lappy-t495 = {
    user = "root";
--- a/hosts/vault/profiles/internalCA.nix
+++ b/hosts/vault/profiles/internalCA.nix
@ -3,7 +3,7 @@
  config,
  ...
 }: let
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;
 in {
  environment.systemPackages = with pkgs; [
    step-cli
--- a/hosts/vault/profiles/restic.nix
+++ b/hosts/vault/profiles/restic.nix
@ -4,7 +4,7 @@
  config,
  ...
 }: let
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;
  backupSchedules = import "${self}/data/backupSchedules.nix";
 in {
  services.restic.backups.vault = {
--- a/modules/home/vscode-mod-module.nix
+++ b/modules/home/vscode-mod-module.nix
@ -76,7 +76,7 @@ in {
      };

      userSettings = mkOption {
-        type = jsonFormat.type;
+        inherit (jsonFormat) type;
        default = {};
        example = literalExpression ''
          {
@ -91,7 +91,7 @@ in {
      };

      userTasks = mkOption {
-        type = jsonFormat.type;
+        inherit (jsonFormat) type;
        default = {};
        example = literalExpression ''
          {
@ -127,7 +127,7 @@ in {
            };

            when = mkOption {
-              type = types.nullOr (types.str);
+              type = types.nullOr types.str;
              default = null;
              example = "textInputFocus";
              description = "Optional context filter.";
@ -135,7 +135,7 @@ in {

            # https://code.visualstudio.com/docs/getstarted/keybindings#_command-arguments
            args = mkOption {
-              type = types.nullOr (jsonFormat.type);
+              type = types.nullOr jsonFormat.type;
              default = null;
              example = {direction = "up";};
              description = "Optional arguments for a command.";
--- a/modules/nixos/postgreSQLRemoteBackup.nix
+++ b/modules/nixos/postgreSQLRemoteBackup.nix
@ -93,7 +93,7 @@ in {
        "d '${cfg.location}' 0700 ${cfg.backupUser} - - -"
      ];
    })
-    (mkIf (cfg.enable) {
+    (mkIf cfg.enable {
      systemd.services = listToAttrs (map (db: {
          name = "remotePostgreSQLBackup-${db}";
          value = let
@ -118,7 +118,7 @@ in {

            description = "Backup of ${db} database(s)";

-            requires = mkIf (config.services.postgresql.enable) [
+            requires = mkIf config.services.postgresql.enable [
              "postgresql.service"
            ];

@ -137,7 +137,7 @@ in {

              umask 0077 # ensure backup is only readable by backup user

-              ${optionalString (cfg.keepPrev) ''
+              ${optionalString cfg.keepPrev ''
                if [ -e ${curFile} ]; then
                  rm -f ${toString prevFiles}
                  mv ${curFile} ${prevFile}
@ -156,7 +156,7 @@ in {
              User = cfg.backupUser;
            };

-            startAt = cfg.startAt;
+            inherit (cfg) startAt;
          };
        })
        cfg.databases);
--- a/modules/nixos/rcloneSync.nix
+++ b/modules/nixos/rcloneSync.nix
@ -120,7 +120,7 @@ in {
          value = {
            wantedBy = ["timers.target"];
            partOf = ["${name}.service"];
-            timerConfig = job.timerConfig;
+            inherit (job) timerConfig;
          };
        })
        cfg.syncJobs);
--- a/modules/nixos/secrets.nix
+++ b/modules/nixos/secrets.nix
@ -69,7 +69,7 @@ in {
      autoSecrets = {
        enable = mkEnableOption "autoSecrets";
        affectedSystemdServices = mkOption {
-          type = types.listOf (types.either (types.str) (types.submodule {
+          type = types.listOf (types.either types.str (types.submodule {
            options = {
              name = mkOption {
                type = types.str;
@ -251,7 +251,7 @@ in {
      ];
    }
    // (mkMerge [
-      (mkIf (cfg.enable) {
+      (mkIf cfg.enable {
        environment.systemPackages = [
          (secretsLib.mkSecretsInitScript cfg)
          (secretsLib.mkSecretsCheckScript cfg)
@ -284,7 +284,7 @@ in {
        in {
          services =
            (listToAttrs (map (unitConfig: {
-                name = unitConfig.name;
+                inherit (unitConfig) name;
                value = {
                  after = ["auto-secrets.service"];
                  wants = ["auto-secrets.service"];
--- a/modules/nixos/secretsLib/lib.nix
+++ b/modules/nixos/secretsLib/lib.nix
@ -300,37 +300,32 @@ in rec {
    };

  mkSecretsInitScript = cfg: mkSecretsInitScriptWithName cfg null;
-  mkSecretsInitScriptWithName = (
-    cfg: name: let
+  mkSecretsInitScriptWithName = cfg: name: let
      scriptName =
        if name == null
        then "secrets-init"
        else "secrets-init-${name}";
      scripts = genScripts cfg;
-    in (writeShellApplication {
+    in writeShellApplication {
      name = scriptName;
      runtimeInputs = defaultPackages ++ cfg.packages;
      text = scripts.initScript;
-    })
-  );
+    };

  mkSecretsCheckScript = cfg: mkSecretsCheckScriptWithName cfg null;
-  mkSecretsCheckScriptWithName = (
-    cfg: name: let
+  mkSecretsCheckScriptWithName = cfg: name: let
      scriptName =
        if name == null
        then "secrets-check"
        else "secrets-check-${name}";
      scripts = genScripts cfg;
-    in (writeShellApplication {
+    in writeShellApplication {
      name = scriptName;
      runtimeInputs = defaultPackages ++ cfg.checkPackages;
      text = scripts.checkScript;
-    })
-  );
+    };

-  genVaultPolicy = (
-    cfg: name: let
+  genVaultPolicy = cfg: name: let
      inherit (cfg) requiredVaultPaths;

      policies = forEach requiredVaultPaths (policyConfig: let
@ -349,8 +344,7 @@ in rec {
          capabilities = [${concatStringsSep "," (forEach capabilities escapeString)}]
        }
      '');
-    in (toFile "vault-policy-${name}.hcl" ''
+    in toFile "vault-policy-${name}.hcl" ''
      ${concatStringsSep "\n" policies}
-    '')
-  );
+    '';
 }
--- a/outputs.nix
+++ b/outputs.nix
@ -1,6 +1,6 @@
 {self, ...} @ inputs: let
  nixpkgs = inputs.nixpkgs-unstable;
-  lib = nixpkgs.lib;
+  inherit (nixpkgs) lib;

  inherit (lib.attrsets) mergeAttrsList recursiveUpdate;
  inherit (lib.lists) foldl' forEach filter;
@ -8,7 +8,7 @@
  hosts = import ./hosts inputs;
 in
  {
-    nixosConfigurations = hosts.nixosConfigurations;
+    inherit (hosts) nixosConfigurations;

    extras = {
      wsl-tarball-builder = hosts.nixosConfigurations.wsl.config.system.build.tarballBuilderExt;
@ -161,7 +161,7 @@ in
          };

          machinesWithHostSecrets = filter (
-            machine: (machines.${machine}.hasHostSecrets)
+            machine: machines.${machine}.hasHostSecrets
          ) (builtins.attrNames machines);

          machinesWithContainers = filter (
@ -201,11 +201,11 @@ in

            (mergeAttrsList (forEach machinesWithContainers (machineName: let
              machine = machines.${machineName};
-              containers = machine.containers;
-            in (mergeAttrsList (forEach containers (containerName: {
+              inherit (machine) containers;
+            in mergeAttrsList (forEach containers (containerName: {
              "secrets-init-${machineName}-container-${containerName}" = secretsInitScriptForContainer machineName containerName;
              "vault-policy-${machineName}-container-${containerName}" = vaultPolicyForContainer machineName containerName;
-            }))))))
+            })))))
          ];
        })
      ]
--- a/presets/nixos/serverEncryptedDrive.nix
+++ b/presets/nixos/serverEncryptedDrive.nix
@ -9,7 +9,7 @@
  inherit (lib.modules) mkForce;
  inherit (lib.lists) optionals;

-  system = pkgs.system;
+  inherit (pkgs) system;

  driveData = import "${self}/data/drives/encryptedDrive.nix";
 in {
--- a/presets/nixos/serverHetzner.nix
+++ b/presets/nixos/serverHetzner.nix
@ -9,11 +9,11 @@
  inherit (lib.lists) optionals;
  inherit (lib.modules) mkForce;

-  system = pkgs.system;
+  inherit (pkgs) system;

  serverIPs = import "${self}/data/serverIPs.nix";

-  hostName = config.networking.hostName;
+  inherit (config.networking) hostName;
  hostServerIPs = serverIPs.${hostName};

  gateway = "172.31.1.1";
--- a/profiles/chaosInternalWireGuard/wireguard.nix
+++ b/profiles/chaosInternalWireGuard/wireguard.nix
@ -9,7 +9,7 @@
  inherit (builtins) hasAttr attrNames;

  # Assume this to be set
-  secrets = config.services.secrets.secrets;
+  inherit (config.services.secrets) secrets;

  wireguardData = import "${self}/data/wireguard/chaosInternalWireGuard.nix";
  wireguardHosts = wireguardData.hosts;
--- a/profiles/fingerprint.nix
+++ b/profiles/fingerprint.nix
@ -14,7 +14,7 @@ in {
    sudo.fprintAuth = true;
    login.fprintAuth = true;

-    gdm-fingerprint = mkIf (config.services.xserver.displayManager.gdm.enable) {
+    gdm-fingerprint = mkIf config.services.xserver.displayManager.gdm.enable {
      text = ''
        auth       required                    pam_shells.so
        auth       requisite                   pam_nologin.so
--- a/statix.toml
+++ b/statix.toml
@ -0,0 +1,3 @@
+disabled = [
+  "empty_pattern"
+]