diff --git a/hosts/athame/meta.nix b/hosts/athame/meta.nix index c09ab52d..b8b7c1d2 100644 --- a/hosts/athame/meta.nix +++ b/hosts/athame/meta.nix @@ -1,14 +1,14 @@ { config, hosts, lib, ... }: with config.resources; { - resources.hcloud_ssh_key = { - provider = "hcloud"; - type = "ssh_key"; - inputs = { - name = "yubikey"; - public_key = - "ssh-rsa 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 cardno:000612078454"; - }; - }; + resources.hcloud_ssh_key = { + provider = "hcloud"; + type = "ssh_key"; + inputs = { + name = "yubikey"; + public_key = + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCocjQqiDIvzq+Qu3jkf7FXw5piwtvZ1Mihw9cVjdVcsra3U2c9WYtYrA3rS50N3p00oUqQm9z1KUrvHzdE+03ZCrvaGdrtYVsaeoCuuvw7qxTQRbItTAEsfRcZLQ5c1v/57HNYNEsjVrt8VukMPRXWgl+lmzh37dd9w45cCY1QPi+JXQQ/4i9Vc3aWSe4X6PHOEMSBHxepnxm5VNHm4PObGcVbjBf0OkunMeztd1YYA9sEPyEK3b8IHxDl34e5t6NDLCIDz0N/UgzCxSxoz+YJ0feQuZtud/YLkuQcMxW2dSGvnJ0nYy7SA5DkW1oqcy6CGDndHl5StOlJ1IF9aGh0gGkx5SRrV7HOGvapR60RphKrR5zQbFFka99kvSQgOZqSB3CGDEQGHv8dXKXIFlzX78jjWDOBT67vA/M9BK9FS2iNnBF5x6shJ9SU5IK4ySxq8qvN7Us8emkN3pyO8yqgsSOzzJT1JmWUAx0tZWG/BwKcFBHfceAPQl6pwxx28TM3BTBRYdzPJLTkAy48y6iXW6UYdfAPlShy79IYjQtEThTuIiEzdzgYdros0x3PDniuAP0KOKMgbikr0gRa6zahPjf0qqBnHeLB6nHAfaVzI0aNbhOg2bdOueE1FX0x48sjKqjOpjlIfq4WeZp9REr2YHEsoLFOBfgId5P3BPtpBQ== cardno:000612078454"; + }; + }; resources.athame = { provider = "null"; @@ -49,15 +49,16 @@ with config.resources; { # ]; #}; -/* resources.athame_rdns = { - provider = "hcloud"; - type = "rdns"; - inputs = { - server_id = athame.refAttr "id"; - dns_ptr = "athame.kittywit.ch"; - ip_address = athame.refAttr "ipv4_address"; - }; - }; */ + /* resources.athame_rdns = { + provider = "hcloud"; + type = "rdns"; + inputs = { + server_id = athame.refAttr "id"; + dns_ptr = "athame.kittywit.ch"; + ip_address = athame.refAttr "ipv4_address"; + }; + }; + */ #dns.records.kittywitch_athame = { # tld = "kittywit.ch."; 
@@ -92,10 +93,10 @@ with config.resources; { deploy.systems.athame = { nixosConfig = hosts.athame.config; connection = athame.connection.set; -# connection = { -# host = athame.refAttr "ipv4_address"; -# port = 62954; -# }; + # connection = { + # host = athame.refAttr "ipv4_address"; + # port = 62954; + # }; triggers.copy.athame = athame.refAttr "id"; triggers.secrets.athame = athame.refAttr "id"; #triggers.switch = lib.mapAttrs (name: record: diff --git a/hosts/athame/nixos/default.nix b/hosts/athame/nixos/default.nix index 38b2e9e1..dc7e5374 100644 --- a/hosts/athame/nixos/default.nix +++ b/hosts/athame/nixos/default.nix @@ -36,7 +36,6 @@ interfaces.enp1s0.useDHCP = true; }; - networking.firewall.allowedTCPPorts = [ 22 80 443 5160 5060 8999 64738 1935 53589 5001 ]; networking.firewall.allowedUDPPorts = [ 5160 5060 64738 ]; diff --git a/hosts/samhain/nixos/default.nix b/hosts/samhain/nixos/default.nix index 6188eb85..e0ec47a7 100644 --- a/hosts/samhain/nixos/default.nix +++ b/hosts/samhain/nixos/default.nix @@ -56,7 +56,7 @@ }; wantedBy = [ "default.target" ]; }; - + # graphics tablet services.xserver.wacom.enable = true; diff --git a/lib/deploy.nix b/lib/deploy.nix index 863ad57d..593ba59a 100644 --- a/lib/deploy.nix +++ b/lib/deploy.nix @@ -72,7 +72,7 @@ let key_algorithm = "hmac-sha512"; }; }; - }); + }); in { inherit tf; target = diff --git a/profiles/gui/home/bitw.nix b/profiles/gui/home/bitw.nix index 0d7da0f1..46ed1c43 100644 --- a/profiles/gui/home/bitw.nix +++ b/profiles/gui/home/bitw.nix @@ -1,8 +1,8 @@ { config, ... }: { - xdg.configFile."rbw/config.json".text = builtins.toJSON { - email = "kat@kittywit.ch"; + xdg.configFile."rbw/config.json".text = builtins.toJSON { + email = "kat@kittywit.ch"; base_url = "https://vault.kittywit.ch"; identity_url = null; lock_timeout = 3600; diff --git a/services/murmur.nix b/services/murmur.nix index 56092d8b..6b12b31e 100644 --- a/services/murmur.nix +++ b/services/murmur.nix 
@@ -16,14 +16,10 @@ enableACME = true; forceSSL = true; }; - + users.groups."voice-cert".members = [ "nginx" "murmur" ]; - security.acme.certs = { - "voice.kittywit.ch" = { - group = "voice-cert"; - }; - }; + security.acme.certs = { "voice.kittywit.ch" = { group = "voice-cert"; }; }; deploy.tf.dns.records.kittywitch_voice = { tld = "kittywit.ch."; diff --git a/services/syncplay.nix b/services/syncplay.nix index 423db435..09ccb10d 100644 --- a/services/syncplay.nix +++ b/services/syncplay.nix @@ -24,5 +24,7 @@ certDir = "/var/lib/acme/sync.kittywit.ch/"; }; - security.acme.certs."sync.kittywit.ch".postRun = "cp key.pem privkey.pem\nchown acme:voice-cert privkey.pem"; + security.acme.certs."sync.kittywit.ch".postRun = '' + cp key.pem privkey.pem + chown acme:voice-cert privkey.pem''; }
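Review bot: In services/syncplay.nix the reformatted `postRun` still ends with `chown acme:voice-cert privkey.pem`, and the murmur.nix hunk on this page sets that group's members to `nginx` and `murmur`, so, assuming the copy stays group-readable, both services can read the sync.kittywit.ch private key as well as the voice one. A group dedicated to this certificate would keep a compromise of either service from exposing an unrelated TLS key, e.g. `chown acme:<sync-cert-group> privkey.pem` (placeholder name; whether the syncplay user is in any of these groups is not visible here). The mode of the copy is left to whatever `cp` produces under the unit's umask, so adding `chmod 640 privkey.pem` after the `chown` would make the intended permissions explicit. The indented-string form itself should evaluate to the same two-line script as the old `\n` literal, so the rewrite looks behaviour-neutral.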