chore: fmt, feat(syncthing): allow on tailscale

nixos/access/kitchencam.nix

@@ -78,7 +78,8 @@ in {
   };
   config.networking.firewall.allowedTCPPorts = let
     inherit (nginx.virtualHosts.kitchencam) listen';
-  in mkIf listen'.stream.enable [
-    listen'.stream.port
-  ];
+  in
+    mkIf listen'.stream.enable [
+      listen'.stream.port
+    ];
 }

nixos/fluidd.nix

@@ -1,4 +1,10 @@
-{ config, access, gensokyo-zone, lib, ... }: let
+{
+  config,
+  access,
+  gensokyo-zone,
+  lib,
+  ...
+}: let
   inherit (gensokyo-zone.lib) domain;
   inherit (lib.modules) mkIf mkDefault mkForce;
   inherit (lib.strings) removePrefix;
@@ -11,9 +17,9 @@ in {
       enable = mkDefault true;
       hostName = mkDefault "print.local.${domain}"; # TODO: serverName?
       nginx.locations."/webcam".proxyPass = let
-            inherit (config.services.motion.cameras) printercam;
-            inherit (printercam.settings) camera_id;
-          in "https://kitchen.local.${domain}/${toString camera_id}/stream";
+        inherit (config.services.motion.cameras) printercam;
+        inherit (printercam.settings) camera_id;
+      in "https://kitchen.local.${domain}/${toString camera_id}/stream";
     };
     nginx = mkIf cfg.enable {
       proxied.enable = true;
@@ -22,9 +28,10 @@ in {
           serviceName = "moonraker";
           scheme = "";
         };
-      in mkForce {
-        servers.${moonraker} = { };
-      };
+      in
+        mkForce {
+          servers.${moonraker} = {};
+        };
       virtualHosts = {
         ${cfg.hostName} = {
           enable = false;
@@ -32,7 +39,7 @@ in {
         ${serverName} = {
           # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/web-apps/fluidd.nix
           # XXX: non-@ host required for gatus to work
-          serverAliases = [ (removePrefix "@" serverName) ];
+          serverAliases = [(removePrefix "@" serverName)];
           proxied.enable = true;
           # TODO: proxy.upstream = "fluidd-apiserver";
           proxy.url = "http://fluidd-apiserver";

nixos/klipper.nix

@@ -1,4 +1,9 @@
-{ config, gensokyo-zone, lib, ... }: let
+{
+  config,
+  gensokyo-zone,
+  lib,
+  ...
+}: let
   inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
   inherit (lib.modules) mkIf mkDefault;
   inherit (config.services) moonraker octoprint;

nixos/moonraker.nix

@@ -1,16 +1,22 @@
-{ config, access, gensokyo-zone, lib, ... }: let
+{
+  config,
+  access,
+  gensokyo-zone,
+  lib,
+  ...
+}: let
   inherit (lib.modules) mkIf mkDefault;
   inherit (gensokyo-zone.lib) domain;
   inherit (config.services) klipper;
   cfg = config.services.moonraker;
- in {
+in {
   sops.secrets = {
     moonraker_cfg = {
       sopsFile = ./secrets/moonraker.yaml;
       path = "${cfg.stateDir}/config/secrets.conf";
       owner = cfg.user;
     };
-   };
+  };
   services = {
     moonraker = {
       enable = mkDefault true;
@@ -19,9 +25,9 @@
       group = mkDefault klipper.group;
       port = 7125; # it's the default but i'm specifying it anyway
       settings = {
-        "include secrets.conf" = { };
-        octoprint_compat = { };
-        history = { };
+        "include secrets.conf" = {};
+        octoprint_compat = {};
+        history = {};
         "webcam printer" = let
           inherit (config.services.motion.cameras) printercam;
           inherit (printercam.settings) camera_id;
@@ -46,7 +52,7 @@
           trusted_clients =
             access.cidrForNetwork.allLocal.all
             # XXX: only safe when protected behind vouch!
-            ++ [ "0.0.0.0/0" "::/0" ];
+            ++ ["0.0.0.0/0" "::/0"];
         };
         machine = {
           # disable all machine control

nixos/syncthing-kat/syncthing.nix

@@ -5,5 +5,10 @@
     openDefaultPorts = true;
     dataDir = "/mnt/kyuuto-litterbox";
   };
-  networking.firewall.interfaces.local.allowedTCPPorts = [ 8384 ];
+  networking.firewall.interfaces = let
+    x.allowedTCPPorts = [8384];
+  in {
+    local = x;
+    tail = x;
+  };
 }