diff --git a/home/flake-module.nix b/home/flake-module.nix
index 2849f00..7d46de3 100644
--- a/home/flake-module.nix
+++ b/home/flake-module.nix
@@ -21,7 +21,8 @@ let
           home.username = user;
           home.homeDirectory = "/home/${user}";
         }
-      ] ++ modules;
+      ]
+      ++ modules;
     };
 in
 {
diff --git a/home/modules/firefox/mkFirefoxModuleCompat.nix b/home/modules/firefox/mkFirefoxModuleCompat.nix
index e3cf8ea..3345953 100644
--- a/home/modules/firefox/mkFirefoxModuleCompat.nix
+++ b/home/modules/firefox/mkFirefoxModuleCompat.nix
@@ -29,7 +29,8 @@ let
       configPath = [
         "config"
         "content" # due to mkIf
-      ] ++ modulePath;
+      ]
+      ++ modulePath;
     in
     lib.updateManyAttrsByPath
       [
diff --git a/home/modules/firefox/mkFirefoxProfileBinModule.nix b/home/modules/firefox/mkFirefoxProfileBinModule.nix
index ebae797..4c3ff5a 100644
--- a/home/modules/firefox/mkFirefoxProfileBinModule.nix
+++ b/home/modules/firefox/mkFirefoxProfileBinModule.nix
@@ -33,7 +33,8 @@ let
         categories = [
           "Network"
           "WebBrowser"
-        ] ++ lib.optional isSecure "Security";
+        ]
+        ++ lib.optional isSecure "Security";
       };
     in
     pkgs.runCommand pname { } ''
diff --git a/lib/createUser.nix b/lib/createUser.nix
index 56f68d3..18c8ce3 100644
--- a/lib/createUser.nix
+++ b/lib/createUser.nix
@@ -35,7 +35,8 @@
             count = 60000000;
           }
         ];
-      } // user;
+      }
+      // user;
 
       home-manager = {
         useGlobalPkgs = true;
diff --git a/lib/openwrt.nix b/lib/openwrt.nix
index 271aba7..ee761ac 100644
--- a/lib/openwrt.nix
+++ b/lib/openwrt.nix
@@ -30,7 +30,8 @@ in
           "luci-ssl"
           "nextdns"
           "tailscale"
-        ] ++ packages;
+        ]
+        ++ packages;
 
         # TODO set up SSH config (register public keys, disable password login, ...)
         files = pkgs.runCommand "image-files" { } ''
diff --git a/modules/systemdNotify.nix b/modules/systemdNotify.nix
index 6a4c1d0..f988abb 100644
--- a/modules/systemdNotify.nix
+++ b/modules/systemdNotify.nix
@@ -85,34 +85,33 @@ in
       }
     ];
 
-    systemd.services."notify@" =
-      {
-        onFailure = lib.mkForce [ ];
-      }
-      // optionalAttrs (cfg.method == "libnotify") {
-        description = "Desktop notifications for %i service failure";
-        environment = {
-          DBUS_SESSION_BUS_ADDRESS = "unix:path=/run/user/${
-            toString config.users.users.${cfg.libnotify.user}.uid
-          }/bus";
-          INSTANCE = "%i";
-        };
-        script = ''
-          ${pkgs.libnotify}/bin/notify-send --urgency=critical \
-            "Service '$INSTANCE' failed" \
-            "$(journalctl -n 6 -o cat -u $INSTANCE)"
-        '';
-        serviceConfig = {
-          Type = "oneshot";
-          User = cfg.libnotify.user;
-        };
-      }
-      // optionalAttrs (cfg.method == "email") {
-        description = "E-Mail notifications for %i service failure";
-        serviceConfig = {
-          ExecStart = "${sendmail} %i";
-          Type = "oneshot";
-        };
+    systemd.services."notify@" = {
+      onFailure = lib.mkForce [ ];
+    }
+    // optionalAttrs (cfg.method == "libnotify") {
+      description = "Desktop notifications for %i service failure";
+      environment = {
+        DBUS_SESSION_BUS_ADDRESS = "unix:path=/run/user/${
+          toString config.users.users.${cfg.libnotify.user}.uid
+        }/bus";
+        INSTANCE = "%i";
       };
+      script = ''
+        ${pkgs.libnotify}/bin/notify-send --urgency=critical \
+          "Service '$INSTANCE' failed" \
+          "$(journalctl -n 6 -o cat -u $INSTANCE)"
+      '';
+      serviceConfig = {
+        Type = "oneshot";
+        User = cfg.libnotify.user;
+      };
+    }
+    // optionalAttrs (cfg.method == "email") {
+      description = "E-Mail notifications for %i service failure";
+      serviceConfig = {
+        ExecStart = "${sendmail} %i";
+        Type = "oneshot";
+      };
+    };
   };
 }
diff --git a/services/restic/lib.nix b/services/restic/lib.nix
index 727b856..7b53de6 100644
--- a/services/restic/lib.nix
+++ b/services/restic/lib.nix
@@ -53,7 +53,8 @@ in
         # reduce download bandwidth
         "--max-unused 10%"
         "--repack-cacheable-only"
-      ] ++ extraPruneOpts;
+      ]
+      ++ extraPruneOpts;
     }
     // (removeAttrs args [
       "name"
diff --git a/system/vpn.nix b/system/vpn.nix
index 753708c..4b0e459 100644
--- a/system/vpn.nix
+++ b/system/vpn.nix
@@ -89,21 +89,20 @@ in
     wants = [ "tailscaled.service" ];
     wantedBy = [ "multi-user.target" ];
     serviceConfig.Type = "oneshot";
-    script =
-      ''
-        status=$(${config.systemd.package}/bin/systemctl show -P StatusText tailscaled.service)
-        if [[ $status != Connected* ]]; then
-          ${cfg.package}/bin/tailscale up
-        fi
+    script = ''
+      status=$(${config.systemd.package}/bin/systemctl show -P StatusText tailscaled.service)
+      if [[ $status != Connected* ]]; then
+        ${cfg.package}/bin/tailscale up
+      fi
 
-        # some options cannot be set immediately
-        ${cfg.package}/bin/tailscale up ${lib.escapeShellArgs cfg.extraUpFlags}
+      # some options cannot be set immediately
+      ${cfg.package}/bin/tailscale up ${lib.escapeShellArgs cfg.extraUpFlags}
 
-        ${cfg.package}/bin/tailscale cert ${tailnetHost}
-      ''
-      + lib.optionalString config.services.nginx.enable ''
-        chown nginx:nginx /var/lib/tailscale/certs/${tailnetHost}.{key,crt}
-      '';
+      ${cfg.package}/bin/tailscale cert ${tailnetHost}
+    ''
+    + lib.optionalString config.services.nginx.enable ''
+      chown nginx:nginx /var/lib/tailscale/certs/${tailnetHost}.{key,crt}
+    '';
   };
 
   services.nginx.virtualHosts.${tailnetHost} = {