diff --git a/flake.nix b/flake.nix
index 7fca607..9f2652d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -60,6 +60,10 @@
                 enable = true;
                 inherit files;
               };
+              trim-trailing-whitespace = {
+                enable = true;
+                inherit files;
+              };
             };
 
           devShells.default = pkgs.mkShell {
diff --git a/infra/vm02116/configuration.nix b/infra/vm02116/configuration.nix
index 4ac97bc..48fb17d 100644
--- a/infra/vm02116/configuration.nix
+++ b/infra/vm02116/configuration.nix
@@ -84,7 +84,7 @@
         ########### here starts the automated bit #####################
         table inet filter {
             chain input {
-                type filter hook input priority 0; 
+                type filter hook input priority 0;
                 policy drop;
 
                 # established/related connections
@@ -97,7 +97,7 @@
 
                 # loopback interface
                 iifname lo accept
-                
+
                 # icmp
                 ip protocol icmp icmp type { destination-unreachable, echo-reply, echo-request, source-quench, time-exceeded } accept
                 # Without the nd-* ones ipv6 will not work.
@@ -126,10 +126,10 @@
 
         table ip nat {
             chain postrouting {
-            }   
+            }
             chain prerouting {
             }
-        }  
+        }
       '';
     };
   };
diff --git a/infra/vm02179/configuration.nix b/infra/vm02179/configuration.nix
index e514c52..5b10d8b 100644
--- a/infra/vm02179/configuration.nix
+++ b/infra/vm02179/configuration.nix
@@ -72,7 +72,7 @@
         ########### here starts the automated bit #####################
         table inet filter {
             chain input {
-                type filter hook input priority 0; 
+                type filter hook input priority 0;
                 policy drop;
 
                 # established/related connections
@@ -85,7 +85,7 @@
 
                 # loopback interface
                 iifname lo accept
-                
+
                 # icmp
                 ip protocol icmp icmp type { destination-unreachable, echo-reply, echo-request, source-quench, time-exceeded } accept
                 # Without the nd-* ones ipv6 will not work.
@@ -113,10 +113,10 @@
 
         table ip nat {
             chain postrouting {
-            }   
+            }
             chain prerouting {
             }
-        }  
+        }
       '';
     };
   };
diff --git a/infra/vm02187/configuration.nix b/infra/vm02187/configuration.nix
index 9b3718e..2c8edbf 100644
--- a/infra/vm02187/configuration.nix
+++ b/infra/vm02187/configuration.nix
@@ -33,7 +33,7 @@
       $wgUseImageMagick = true;
       $wgMaxShellMemory = 524288;
       $wgSVGMetadataCutoff = 1024*1024;
-      $wgAllowExternalImages = false; 
+      $wgAllowExternalImages = false;
 
       ## Permissions
       $wgGroupPermissions['*']['edit'] = false;
@@ -139,7 +139,7 @@
         ########### here starts the automated bit #####################
         table inet filter {
             chain input {
-                type filter hook input priority 0; 
+                type filter hook input priority 0;
                 policy drop;
 
                 # established/related connections
@@ -152,7 +152,7 @@
 
                 # loopback interface
                 iifname lo accept
-                
+
                 # icmp
                 ip protocol icmp icmp type { destination-unreachable, echo-reply, echo-request, source-quench, time-exceeded } accept
                 # Without the nd-* ones ipv6 will not work.
@@ -181,10 +181,10 @@
 
         table ip nat {
             chain postrouting {
-            }   
+            }
             chain prerouting {
             }
-        }  
+        }
       '';
     };
   };