dovecot: define Drafts and Trash folders

```
• Updated input 'nixpkgs-stable':
    'github:nixos/nixpkgs/22c4a7a4796a91c297a7e59078a84ec29515f86e' (2023-01-29)
  → 'github:nixos/nixpkgs/f413457e0dd7a42adefdbcea4391dd9751509025' (2023-01-30)
• Updated input 'uninsane-dot-org':
    'git+https://git.uninsane.org/colin/uninsane?ref=refs%2fheads%2fmaster&rev=80c6ec95bd430e29d231cf745f19279bb76fb382' (2022-10-27)
  → 'git+https://git.uninsane.org/colin/uninsane?ref=refs%2fheads%2fmaster&rev=b099c24091cc192abf3997b94342d4b31cc5757b' (2023-01-31)
```

flake.lock

@@ -40,31 +40,15 @@
       "locked": {
         "lastModified": 1,
         "narHash": "sha256-arp7Uy7ct5ryTcmSY032eN7hr33i7D2XvjTRLliCFDc=",
-        "path": "/nix/store/rk489311m97gs49qid05c1xra05h64sm-source/nixpatches",
+        "path": "/nix/store/jblp2g67p3wid2qarcyd8bzrbs9wg5lb-source/nixpatches",
         "type": "path"
       },
       "original": {
-        "path": "/nix/store/rk489311m97gs49qid05c1xra05h64sm-source/nixpatches",
+        "path": "/nix/store/jblp2g67p3wid2qarcyd8bzrbs9wg5lb-source/nixpatches",
         "type": "path"
       }
     },
     "nixpkgs-stable": {
-      "locked": {
-        "lastModified": 1674868155,
-        "narHash": "sha256-eFNm2h6fNbgD7ZpO4MHikCB5pSnCJ7DTmwPisjetmwc=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "ce20e9ebe1903ea2ba1ab006ec63093020c761cb",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "nixos-22.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-stable_2": {
       "locked": {
         "lastModified": 1674352297,
         "narHash": "sha256-OkAnJPrauEcUCrst4/3DKoQfUn2gXKuU6CFvhtMrLgg=",
@@ -100,7 +84,6 @@
       "inputs": {
         "mobile-nixos": "mobile-nixos",
         "nixpkgs": "nixpkgs",
-        "nixpkgs-stable": "nixpkgs-stable",
         "nixpkgs-unpatched": "nixpkgs-unpatched",
         "sops-nix": "sops-nix",
         "uninsane-dot-org": "uninsane-dot-org"
@@ -111,7 +94,7 @@
         "nixpkgs": [
           "nixpkgs"
         ],
-        "nixpkgs-stable": "nixpkgs-stable_2"
+        "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
         "lastModified": 1674546403,
@@ -135,11 +118,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1666870107,
-        "narHash": "sha256-b9eXZxSwhzdJI5uQgfrMhu4SY2POrPkinUg7F5gQVYo=",
+        "lastModified": 1675131883,
+        "narHash": "sha256-yBgJDG72YqIr1bltasqHD1E/kHc9uRFgDjxDmy6kI8M=",
         "ref": "refs/heads/master",
-        "rev": "80c6ec95bd430e29d231cf745f19279bb76fb382",
-        "revCount": 164,
+        "rev": "b099c24091cc192abf3997b94342d4b31cc5757b",
+        "revCount": 170,
         "type": "git",
         "url": "https://git.uninsane.org/colin/uninsane"
       },

flake.nix

@@ -19,7 +19,7 @@
   # but `inputs` is required to be a strict attrset: not an expression.
   inputs = {
     # <https://github.com/nixos/nixpkgs/tree/nixos-22.11>
-    nixpkgs-stable.url = "github:nixos/nixpkgs?ref=nixos-22.11";
+    # nixpkgs-stable.url = "github:nixos/nixpkgs?ref=nixos-22.11";
 
     # <https://github.com/nixos/nixpkgs/tree/nixos-unstable>
     nixpkgs-unpatched.url = "github:nixos/nixpkgs?ref=nixos-unstable";
@@ -46,12 +46,12 @@
   outputs = {
     self,
     nixpkgs,
-    nixpkgs-stable,
     nixpkgs-unpatched,
     mobile-nixos,
     sops-nix,
-    uninsane-dot-org
-  }:
+    uninsane-dot-org,
+    ...
+  }@inputs:
     let
       nixpkgsCompiledBy = local: nixpkgs.legacyPackages."${local}";
 
@@ -117,9 +117,12 @@
         pins = import ./overlays/pins.nix;  # TODO: move to `nixpatches/` input
         passthru =
           let
-            stable = next: prev: {
-              stable = nixpkgs-stable.legacyPackages."${prev.stdenv.hostPlatform.system}";
-            };
+            stable =
+              if inputs ? "nixpkgs-stable" then (
+                next: prev: {
+                  stable = inputs.nixpkgs-stable.legacyPackages."${prev.stdenv.hostPlatform.system}";
+                }
+              ) else (next: prev: {});
             mobile = (import "${mobile-nixos}/overlay/overlay.nix");
             uninsane = uninsane-dot-org.overlay;
           in

hosts/by-name/desko/default.nix

@@ -54,7 +54,7 @@
     remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
     dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
   };
-  sane.persist.home.plaintext = [
+  sane.user.persist.plaintext = [
     ".steam"
     ".local/share/Steam"
   ];

hosts/by-name/lappy/default.nix

@@ -10,7 +10,7 @@
 
   # sane.packages.enableDevPkgs = true;
 
-  # sane.users.guest.enable = true;
+  # sane.guest.enable = true;
   sane.gui.sway.enable = true;
   sane.persist.enable = true;
   sane.nixcache.enable = true;

hosts/by-name/moby/default.nix

@@ -37,7 +37,7 @@
     # addons.sideberry.enable = false;
   };
 
-  sane.persist.home.plaintext = [
+  sane.user.persist.plaintext = [
     ".config/pulse"  # persist pulseaudio volume
   ];
 

hosts/by-name/servo/services/postfix.nix

@@ -1,3 +1,6 @@
+# DOCS:
+# - dovecot config: <https://doc.dovecot.org/configuration_manual/>
+
 { config, lib, ... }:
 
 let
@@ -143,6 +146,25 @@ in
 
   # inspired by https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/
   services.dovecot2.enable = true;
+  services.dovecot2.mailboxes = {
+    # special-purpose mailboxes: "All" "Archive" "Drafts" "Flagged" "Junk" "Sent" "Trash"
+    # RFC6154 describes these special mailboxes: https://www.ietf.org/rfc/rfc6154.html
+    # how these boxes are treated is 100% up to the client and server to decide.
+    # client behavior:
+    # iOS
+    #   - Drafts: ?
+    #   - Sent: works
+    #   - Trash: works
+    # aerc
+    #   - Drafts: works
+    #   - Sent: works
+    #   - Trash: no; deleted messages are actually deleted
+    #       use `:move trash` instead
+    # Sent mailbox: all sent messages are copied to it. unclear if this happens server-side or client-side.
+    Drafts = { specialUse = "Drafts"; auto = "create"; };
+    Sent = { specialUse = "Sent"; auto = "create"; };
+    Trash = { specialUse = "Trash"; auto = "create"; };
+  };
   services.dovecot2.sslServerCert = "/var/lib/acme/imap.uninsane.org/fullchain.pem";
   services.dovecot2.sslServerKey = "/var/lib/acme/imap.uninsane.org/key.pem";
   services.dovecot2.enablePAM = false;

hosts/common/default.nix

@@ -10,6 +10,7 @@
     ./ids.nix
     ./machine-id.nix
     ./net.nix
+    ./persist.nix
     ./secrets.nix
     ./ssh.nix
     ./users.nix
@@ -20,15 +21,6 @@
   sane.packages.enableConsolePkgs = true;
   sane.packages.enableSystemPkgs = true;
 
-  sane.persist.sys.plaintext = [
-    "/var/log"
-    "/var/backup"  # for e.g. postgres dumps
-    # TODO: move elsewhere
-    "/var/lib/alsa"                # preserve output levels, default devices
-    "/var/lib/colord"              # preserve color calibrations (?)
-    "/var/lib/machines"            # maybe not needed, but would be painful to add a VM and forget.
-  ];
-
   # some services which use private directories error if the parent (/var/lib/private) isn't 700.
   sane.fs."/var/lib/private".dir.acl.mode = "0700";
 

hosts/common/home/aerc.nix

@@ -7,5 +7,5 @@
     sopsFile = ../../../secrets/universal/aerc_accounts.conf;
     format = "binary";
   };
-  sane.fs."/home/colin/.config/aerc/accounts.conf" = sane-lib.fs.wantedSymlinkTo config.sops.secrets.aerc_accounts.path;
+  sane.user.fs.".config/aerc/accounts.conf" = sane-lib.fs.wantedSymlinkTo config.sops.secrets.aerc_accounts.path;
 }

hosts/common/home/firefox.nix

@@ -155,7 +155,7 @@ in
     # the specific attribute path is found via scraping ublock code here:
     # - <https://github.com/gorhill/uBlock/blob/master/src/js/storage.js>
     # - <https://github.com/gorhill/uBlock/blob/master/assets/assets.json>
-    sane.fs."/home/colin/${cfg.browser.dotDir}/managed-storage/uBlock0@raymondhill.net.json" = sane-lib.fs.wantedText ''
+    sane.user.fs."${cfg.browser.dotDir}/managed-storage/uBlock0@raymondhill.net.json" = sane-lib.fs.wantedText ''
       {
        "name": "uBlock0@raymondhill.net",
        "description": "ignored",
@@ -165,7 +165,7 @@ in
        }
       }
     '';
-    sane.fs."/home/colin/${cfg.browser.dotDir}/${cfg.browser.libName}.overrides.cfg" = sane-lib.fs.wantedText ''
+    sane.user.fs."${cfg.browser.dotDir}/${cfg.browser.libName}.overrides.cfg" = sane-lib.fs.wantedText ''
       // if we can't query the revocation status of a SSL cert because the issuer is offline,
       // treat it as unrevoked.
       // see: <https://librewolf.net/docs/faq/#im-getting-sec_error_ocsp_server_error-what-can-i-do>
@@ -174,17 +174,17 @@ in
 
     sane.packages.extraGuiPkgs = [ package ];
     # flush the cache to disk to avoid it taking up too much tmp
-    sane.persist.home.byPath."${cfg.browser.cacheDir}" = lib.mkIf (cfg.persistCache != null) {
+    sane.user.persist.byPath."${cfg.browser.cacheDir}" = lib.mkIf (cfg.persistCache != null) {
       store = cfg.persistCache;
     };
 
-    sane.persist.home.byPath."${cfg.browser.dotDir}/default" = lib.mkIf (cfg.persistData != null) {
+    sane.user.persist.byPath."${cfg.browser.dotDir}/default" = lib.mkIf (cfg.persistData != null) {
       store = cfg.persistData;
     };
-    sane.fs."/home/colin/${cfg.browser.dotDir}/default" = sane-lib.fs.wantedDir;
+    sane.user.fs."${cfg.browser.dotDir}/default" = sane-lib.fs.wantedDir;
     # instruct Firefox to put the profile in a predictable directory (so we can do things like persist just it).
     # XXX: the directory *must* exist, even if empty; Firefox will not create the directory itself.
-    sane.fs."/home/colin/${cfg.browser.dotDir}/profiles.ini" = sane-lib.fs.wantedText ''
+    sane.user.fs."${cfg.browser.dotDir}/profiles.ini" = sane-lib.fs.wantedText ''
       [Profile0]
       Name=default
       IsRelative=1

hosts/common/home/gfeeds.nix

@@ -6,7 +6,7 @@ let
   all-feeds = config.sane.feeds;
   wanted-feeds = feeds.filterByFormat ["text" "image"] all-feeds;
 in {
-  sane.fs."/home/colin/.config/org.gabmus.gfeeds.json" = sane-lib.fs.wantedText (
+  sane.user.fs.".config/org.gabmus.gfeeds.json" = sane-lib.fs.wantedText (
     builtins.toJSON {
       # feed format is a map from URL to a dict,
       #   with dict["tags"] a list of string tags.

hosts/common/home/git.nix

@@ -4,7 +4,7 @@ let
   mkCfg = lib.generators.toINI { };
 in
 {
-  sane.fs."/home/colin/.config/git/config" = sane-lib.fs.wantedText (mkCfg {
+  sane.user.fs.".config/git/config" = sane-lib.fs.wantedText (mkCfg {
     user.name = "Colin";
     user.email = "colin@uninsane.org";
     alias.co = "checkout";

hosts/common/home/gpodder.nix

@@ -6,7 +6,7 @@ let
   all-feeds = config.sane.feeds;
   wanted-feeds = feeds.filterByFormat ["podcast"] all-feeds;
 in {
-  sane.fs."/home/colin/.config/gpodderFeeds.opml" = sane-lib.fs.wantedText (
+  sane.user.fs.".config/gpodderFeeds.opml" = sane-lib.fs.wantedText (
     feeds.feedsToOpml wanted-feeds
   );
 }

hosts/common/home/keyring.nix

@@ -1,10 +1,11 @@
 { config, sane-lib, ... }:
 
 {
-  sane.persist.home.private = [ ".local/share/keyrings" ];
+  sane.user.persist.private = [ ".local/share/keyrings" ];
 
-  sane.fs."/home/colin/private/.local/share/keyrings/default" = {
+  sane.user.fs."private/.local/share/keyrings/default" = {
     generated.script.script = builtins.readFile ../../../scripts/init-keyring;
+    # TODO: is this `wantedBy` needed? can we inherit it?
     wantedBy = [ config.sane.fs."/home/colin/private".unit ];
   };
 }

hosts/common/home/kitty.nix

@@ -1,7 +1,7 @@
 { pkgs, sane-lib, ... }:
 
 {
-  sane.fs."/home/colin/.config/kitty/kitty.conf" = sane-lib.fs.wantedText ''
+  sane.user.fs.".config/kitty/kitty.conf" = sane-lib.fs.wantedText ''
     # docs: https://sw.kovidgoyal.net/kitty/conf/
     # disable terminal bell (when e.g. you backspace too many times)
     enable_audio_bell no

hosts/common/home/libreoffice.nix

@@ -2,7 +2,7 @@
 
 {
   # libreoffice: disable first-run stuff
-  sane.fs."/home/colin/.config/libreoffice/4/user/registrymodifications.xcu" = sane-lib.fs.wantedText ''
+  sane.user.fs.".config/libreoffice/4/user/registrymodifications.xcu" = sane-lib.fs.wantedText ''
     <?xml version="1.0" encoding="UTF-8"?>
     <oor:items xmlns:oor="http://openoffice.org/2001/registry" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <item oor:path="/org.openoffice.Office.Common/Misc"><prop oor:name="FirstRun" oor:op="fuse"><value>false</value></prop></item>

hosts/common/home/mpv.nix

@@ -2,7 +2,7 @@
 
 {
   # format is <key>=%<length>%<value>
-  sane.fs."/home/colin/.config/mpv/mpv.conf" = sane-lib.fs.wantedText ''
+  sane.user.fs.".config/mpv/mpv.conf" = sane-lib.fs.wantedText ''
     save-position-on-quit=%3%yes
     keep-open=%3%yes
   '';

hosts/common/home/neovim.nix

@@ -72,7 +72,7 @@ let
 in
 {
   # private because there could be sensitive things in the swap
-  sane.persist.home.private = [ ".cache/vim-swap" ];
+  sane.user.persist.private = [ ".cache/vim-swap" ];
 
   programs.neovim = {
     # neovim: https://github.com/neovim/neovim

hosts/common/home/newsflash.nix

@@ -6,7 +6,7 @@ let
   all-feeds = config.sane.feeds;
   wanted-feeds = feeds.filterByFormat ["text" "image"] all-feeds;
 in {
-  sane.fs."/home/colin/.config/newsflashFeeds.opml" = sane-lib.fs.wantedText (
+  sane.user.fs.".config/newsflashFeeds.opml" = sane-lib.fs.wantedText (
     feeds.feedsToOpml wanted-feeds
   );
 }

hosts/common/home/splatmoji.nix

@@ -4,9 +4,9 @@
 { pkgs, sane-lib, ... }:
 
 {
-  sane.persist.home.plaintext = [ ".local/state/splatmoji" ];
-  sane.fs."/home/colin/.config/splatmoji/splatmoji.config" = sane-lib.fs.wantedText ''
-    history_file=/home/colin/.local/state/splatmoji/history
+  sane.user.persist.plaintext = [ ".local/state/splatmoji" ];
+  sane.user.fs.".config/splatmoji/splatmoji.config" = sane-lib.fs.wantedText ''
+    history_file=~/.local/state/splatmoji/history
     history_length=5
     # TODO: wayland equiv
     paste_command=xdotool key ctrl+v

hosts/common/home/ssh.nix

@@ -12,9 +12,9 @@ let
 in
 {
   # ssh key is stored in private storage
-  sane.persist.home.private = [ ".ssh/id_ed25519" ];
-  sane.fs."/home/colin/.ssh/id_ed25519.pub" = sane-lib.fs.wantedText user-pubkey;
-  sane.fs."/home/colin/.ssh/known_hosts" = sane-lib.fs.wantedText known-hosts-text;
+  sane.user.persist.private = [ ".ssh/id_ed25519" ];
+  sane.user.fs.".ssh/id_ed25519.pub" = sane-lib.fs.wantedText user-pubkey;
+  sane.user.fs.".ssh/known_hosts" = sane-lib.fs.wantedText known-hosts-text;
 
   users.users.colin.openssh.authorizedKeys.keys =
   let

hosts/common/home/sublime-music.nix

@@ -7,5 +7,5 @@
     sopsFile = ../../../secrets/universal/sublime_music_config.json.bin;
     format = "binary";
   };
-  sane.fs."/home/colin/.config/sublime-music/config.json" = sane-lib.fs.wantedSymlinkTo config.sops.secrets.sublime_music_config.path;
+  sane.user.fs.".config/sublime-music/config.json" = sane-lib.fs.wantedSymlinkTo config.sops.secrets.sublime_music_config.path;
 }

hosts/common/home/vlc.nix

@@ -9,7 +9,7 @@ let
   );
 in
 {
-  sane.fs."/home/colin/.config/vlc/vlcrc" = sane-lib.fs.wantedText ''
+  sane.user.fs.".config/vlc/vlcrc" = sane-lib.fs.wantedText ''
     [podcast]
     podcast-urls=${podcast-urls}
     [core]

hosts/common/home/xdg-dirs.nix

@@ -3,7 +3,7 @@
 {
   # XDG defines things like ~/Desktop, ~/Downloads, etc.
   # these clutter the home, so i mostly don't use them.
-  sane.fs."/home/colin/.config/user-dirs.dirs" = sane-lib.fs.wantedText ''
+  sane.user.fs.".config/user-dirs.dirs" = sane-lib.fs.wantedText ''
     XDG_DESKTOP_DIR="$HOME/.xdg/Desktop"
     XDG_DOCUMENTS_DIR="$HOME/dev"
     XDG_DOWNLOAD_DIR="$HOME/tmp"
@@ -16,5 +16,5 @@
 
   # prevent `xdg-user-dirs-update` from overriding/updating our config
   # see <https://manpages.ubuntu.com/manpages/bionic/man5/user-dirs.conf.5.html>
-  sane.fs."/home/colin/.config/user-dirs.conf" = sane-lib.fs.wantedText "enabled=False";
+  sane.user.fs.".config/user-dirs.conf" = sane-lib.fs.wantedText "enabled=False";
 }

hosts/common/home/zsh/default.nix

@@ -26,7 +26,7 @@ let
   '';
 in
 {
-  sane.persist.home.plaintext = [
+  sane.user.persist.plaintext = [
     # we don't need to full zsh dir -- just the history file --
     # but zsh will sometimes backup the history file and we get fewer errors if we do proper mounts instead of symlinks.
     # TODO: should be private?
@@ -36,7 +36,7 @@ in
   ];
 
   # zsh/prezto complains if zshrc doesn't exist; but it does allow an "empty" file.
-  sane.fs."/home/colin/.config/zsh/.zshrc" = sane-lib.fs.wantedText "# ";
+  sane.user.fs.".config/zsh/.zshrc" = sane-lib.fs.wantedText "# ";
 
   # enable zsh completions
   environment.pathsToLink = [ "/share/zsh" ];
@@ -107,7 +107,7 @@ in
   # prezto = oh-my-zsh fork; controls prompt, auto-completion, etc.
   # see: https://github.com/sorin-ionescu/prezto
   # i believe this file is auto-sourced by the prezto init.zsh script.
-  sane.fs."/home/colin/.config/zsh/.zpreztorc" = sane-lib.fs.wantedText ''
+  sane.user.fs.".config/zsh/.zpreztorc" = sane-lib.fs.wantedText ''
     zstyle ':prezto:*:*' color 'yes'
 
     # modules (they ship with prezto):

hosts/common/persist.nix

@@ -0,0 +1,16 @@
+{ ... }:
+
+{
+  sane.persist.stores.private.origin = "/home/colin/private";
+  # store /home/colin/a/b in /home/private/a/b instead of /home/private/home/colin/a/b
+  sane.persist.stores.private.prefix = "/home/colin";
+
+  sane.persist.sys.plaintext = [
+    "/var/log"
+    "/var/backup"  # for e.g. postgres dumps
+    # TODO: move elsewhere
+    "/var/lib/alsa"                # preserve output levels, default devices
+    "/var/lib/colord"              # preserve color calibrations (?)
+    "/var/lib/machines"            # maybe not needed, but would be painful to add a VM and forget.
+  ];
+}

hosts/common/users.nix

@@ -3,12 +3,12 @@
 # installer docs: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/installation-device.nix
 with lib;
 let
-  cfg = config.sane.users;
+  cfg = config.sane.guest;
   fs = sane-lib.fs;
 in
 {
   options = {
-    sane.users.guest.enable = mkOption {
+    sane.guest.enable = mkOption {
       default = false;
       type = types.bool;
     };
@@ -68,6 +68,7 @@ in
 
     security.pam.mount.enable = true;
 
+    sane.users.colin.default = true;
     # ensure ~ perms are known to sane.fs module.
     # TODO: this is generic enough to be lifted up into sane.fs itself.
     sane.fs."/home/colin".dir.acl = {
@@ -76,7 +77,7 @@ in
       mode = config.users.users.colin.homeMode;
     };
 
-    sane.persist.home.plaintext = [
+    sane.user.persist.plaintext = [
       "archive"
       "dev"
       # TODO: records should be private
@@ -95,20 +96,20 @@ in
     ];
 
     # convenience
-    sane.fs."/home/colin/knowledge" = fs.wantedSymlinkTo "/home/colin/private/knowledge";
-    sane.fs."/home/colin/nixos" = fs.wantedSymlinkTo "/home/colin/dev/nixos";
-    sane.fs."/home/colin/Videos/servo" = fs.wantedSymlinkTo "/mnt/servo-media/Videos";
-    sane.fs."/home/colin/Videos/servo-incomplete" = fs.wantedSymlinkTo "/mnt/servo-media/incomplete";
-    sane.fs."/home/colin/Music/servo" = fs.wantedSymlinkTo "/mnt/servo-media/Music";
+    sane.user.fs."knowledge" = fs.wantedSymlinkTo "private/knowledge";
+    sane.user.fs."nixos" = fs.wantedSymlinkTo "dev/nixos";
+    sane.user.fs."Videos/servo" = fs.wantedSymlinkTo "/mnt/servo-media/Videos";
+    sane.user.fs."Videos/servo-incomplete" = fs.wantedSymlinkTo "/mnt/servo-media/incomplete";
+    sane.user.fs."Music/servo" = fs.wantedSymlinkTo "/mnt/servo-media/Music";
 
     # used by password managers, e.g. unix `pass`
-    sane.fs."/home/colin/.password-store" = fs.wantedSymlinkTo "/home/colin/knowledge/secrets/accounts";
+    sane.user.fs.".password-store" = fs.wantedSymlinkTo "knowledge/secrets/accounts";
 
-    sane.persist.sys.plaintext = mkIf cfg.guest.enable [
+    sane.persist.sys.plaintext = mkIf cfg.enable [
       # intentionally allow other users to write to the guest folder
       { directory = "/home/guest"; user = "guest"; group = "users"; mode = "0775"; }
     ];
-    users.users.guest = mkIf cfg.guest.enable {
+    users.users.guest = mkIf cfg.enable {
       isNormalUser = true;
       home = "/home/guest";
       subUidRanges = [

hosts/modules/default.nix

@@ -7,7 +7,9 @@
     ./hardware
     ./hostnames.nix
     ./hosts.nix
+    ./nixcache.nix
     ./roles
+    ./services
     ./wg-home.nix
   ];
 }

hosts/modules/gui/sway.nix

@@ -171,7 +171,7 @@ in
       enable = true;
       wrapperFeatures.gtk = true;
     };
-    sane.fs."/home/colin/.config/sway/config" =
+    sane.user.fs.".config/sway/config" =
       let
         fuzzel = "${pkgs.fuzzel}/bin/fuzzel";
         sed = "${pkgs.gnused}/bin/sed";
@@ -346,10 +346,10 @@ in
         }
       '';
 
-    sane.fs."/home/colin/.config/waybar/config" = sane-lib.fs.wantedSymlinkTo waybar-config-text;
+    sane.user.fs.".config/waybar/config" = sane-lib.fs.wantedSymlinkTo waybar-config-text;
 
     # style docs: https://github.com/Alexays/Waybar/wiki/Styling
-    sane.fs."/home/colin/.config/waybar/style.css" = sane-lib.fs.wantedText ''
+    sane.user.fs.".config/waybar/style.css" = sane-lib.fs.wantedText ''
       * {
         font-family: monospace;
       }

hosts/modules/services/default.nix

@@ -0,0 +1,6 @@
+{ ... }:
+{
+  imports = [
+    ./duplicity.nix
+  ];
+}

modules/default.nix

@@ -7,11 +7,11 @@
     ./ids.nix
     ./packages.nix
     ./image.nix
-    ./nixcache.nix
     ./persist
     ./services
     ./sops.nix
     ./ssh.nix
+    ./users.nix
   ];
 
   _module.args =  {

modules/lib/default.nix

@@ -20,9 +20,13 @@ sane-lib = rec {
   isPrefixOfList = p: l: (lib.sublist 0 (lib.length p) l) == p;
 
   # merges N attrsets
-  # Type: flattenAttrsList :: [AttrSet] -> AttrSet
+  # Type: joinAttrsets :: [AttrSet] -> AttrSet
   joinAttrsets = l: lib.foldl' lib.attrsets.unionOfDisjoint {} l;
 
+  # merges N attrsets, recursively
+  # Type: joinAttrsetsRecursive :: [AttrSet] -> AttrSet
+  joinAttrsetsRecursive = l: lib.foldl' (lib.attrsets.recursiveUpdateUntil (path: lhs: rhs: false)) {} l;
+
   # evaluate a `{ name, value }` pair in the same way that `listToAttrs` does.
   # Type: nameValueToAttrs :: { name :: String, value :: Any } -> Any
   nameValueToAttrs = { name, value }: {

modules/lib/merge.nix

@@ -17,7 +17,7 @@ rec {
       merged = builtins.map (p: lib.setAttrByPath p (mergeAtPath p discharged)) pathsToMerge;
     in
       assert builtins.all (assertNoExtraPaths pathsToMerge) discharged;
-      sane-lib.joinAttrsets merged;
+      sane-lib.joinAttrsetsRecursive merged;
 
   # `take` is as in mkTypedMerge. this function queries which items `take` is interested in.
   # for example:

modules/packages.nix

@@ -25,6 +25,7 @@ let
     ifuse
     imagemagick
     ipfs
+    kitty  # TODO: move to GUI, but `ssh servo` from kitty sets `TERM=xterm-kitty` in the remove and breaks things
     libimobiledevice
     libsecret  # for managing user keyrings
     lm_sensors  # for sensors-detect
@@ -111,7 +112,6 @@ let
 
     kdenlive
     kid3  # audio tagging
-    kitty
     krita
     libreoffice-fresh  # XXX colin: maybe don't want this on mobile
     lollypop
@@ -322,8 +322,8 @@ in
 
   config = {
     environment.systemPackages = mkIf cfg.enableSystemPkgs systemPkgs;
-    sane.persist.home.plaintext = concatLists (map (p: p.dir) cfg.enabledUserPkgs);
-    sane.persist.home.private = concatLists (map (p: p.private) cfg.enabledUserPkgs);
+    sane.user.persist.plaintext = concatLists (map (p: p.dir) cfg.enabledUserPkgs);
+    sane.user.persist.private = concatLists (map (p: p.private) cfg.enabledUserPkgs);
     # XXX: this might not be necessary. try removing this and cacert.unbundled?
     environment.etc."ssl/certs".source = mkIf cfg.enableSystemPkgs "${pkgs.cacert.unbundled}/etc/ssl/certs/*";
   };

modules/persist/computed.nix

@@ -1,18 +0,0 @@
-{ config, lib, sane-lib, ... }:
-
-let
-  path = sane-lib.path;
-  cfg = config.sane.persist;
-
-  withPrefix = relativeTo: entries: lib.mapAttrs' (fspath: value: {
-    name = path.concat [ relativeTo fspath ];
-    inherit value;
-  }) entries;
-in
-{
-  # merge the `byPath` mappings from both `home` and `sys` into one namespace
-  sane.persist.byPath = lib.mkMerge [
-    (withPrefix "/home/colin" cfg.home.byPath)
-    (withPrefix "/" cfg.sys.byPath)
-  ];
-}

modules/persist/default.nix

@@ -179,23 +179,11 @@ in
       type = types.bool;
       description = "define / fs root to be a tmpfs. make sure to mount some other device to /nix";
     };
-    sane.persist.home = mkOption {
-      description = "directories to persist to disk, relative to a user's home ~";
-      default = {};
-      type = dirsSubModule;
-    };
     sane.persist.sys = mkOption {
       description = "directories to persist to disk, relative to the fs root /";
       default = {};
       type = dirsSubModule;
     };
-    sane.persist.byPath = mkOption {
-      type = types.attrsOf (convertInlineAcl entryAtPath);
-      description = ''
-        map of <path> => <path config> for all paths to be persisted.
-        this is computed from the other options, but users can also set it explicitly (useful for overriding)
-      '';
-    };
     sane.persist.stores = mkOption {
       type = types.attrsOf storeType;
       default = {};
@@ -206,7 +194,6 @@ in
   };
 
   imports = [
-    ./computed.nix
     ./root-on-tmpfs.nix
     ./stores
   ];
@@ -247,7 +234,7 @@ in
           );
         }
       ];
-    configs = lib.mapAttrsToList cfgFor cfg.byPath;
+    configs = lib.mapAttrsToList cfgFor cfg.sys.byPath;
     take = f: { sane.fs = f.sane.fs; };
   in mkIf cfg.enable (
     take (sane-lib.mkTypedMerge take configs)

modules/persist/stores/crypt.nix

@@ -1,14 +1,10 @@
-{ config, lib, pkgs, utils, ... }:
+{ config, lib, pkgs, sane-lib, utils, ... }:
 
 let
-  store = rec {
-    device = "/mnt/persist/crypt/clearedonboot";
-    underlying = {
-      path = "/nix/persist/crypt/clearedonboot";
-      # TODO: consider moving this to /tmp, but that requires tmp be mounted first?
-      key = "/mnt/persist/crypt/clearedonboot.key";
-    };
-  };
+  persist-base = config.sane.persist.stores."plaintext".origin;
+  device = config.sane.persist.stores."cryptClearOnBoot".origin;
+  key = "${device}.key";
+  underlying = sane-lib.path.concat [ persist-base "crypt/clearedonboot" ];
 in
 lib.mkIf config.sane.persist.enable
 {
@@ -17,35 +13,35 @@ lib.mkIf config.sane.persist.enable
       stored to disk, but encrypted to an in-memory key and cleared on every boot
       so that it's unreadable after power-off
     '';
-    origin = store.device;
+    origin = lib.mkDefault "/mnt/persist/crypt/clearedonboot";
   };
 
 
-  fileSystems."${store.device}" = {
-    device = store.underlying.path;
+  fileSystems."${device}" = {
+    device = underlying;
     fsType = "fuse.gocryptfs";
     options = [
       "nodev"
       "nosuid"
       "allow_other"
-      "passfile=${store.underlying.key}"
+      "passfile=${key}"
       "defaults"
     ];
     noCheck = true;
   };
   # let sane.fs know about our fileSystem and automatically add the appropriate dependencies
-  sane.fs."${store.device}".mount = {
+  sane.fs."${device}".mount = {
     # technically the dependency on the keyfile is extraneous because that *happens* to
     # be needed to init the store.
     depends = let
-      cryptfile = config.sane.fs."${store.underlying.path}/gocryptfs.conf";
-      keyfile = config.sane.fs."${store.underlying.key}";
+      cryptfile = config.sane.fs."${underlying}/gocryptfs.conf";
+      keyfile = config.sane.fs."${key}";
     in [ keyfile.unit cryptfile.unit ];
   };
 
   # let sane.fs know how to initialize the gocryptfs store,
   # and that it MUST do so
-  sane.fs."${store.underlying.path}/gocryptfs.conf".generated = {
+  sane.fs."${underlying}/gocryptfs.conf".generated = {
     script.script = ''
       backing="$1"
       passfile="$2"
@@ -54,17 +50,17 @@ lib.mkIf config.sane.persist.enable
       rm -rf "''${backing:?}"/*
       ${pkgs.gocryptfs}/bin/gocryptfs -quiet -passfile "$passfile" -init "$backing"
     '';
-    script.scriptArgs = [ store.underlying.path store.underlying.key ];
+    script.scriptArgs = [ underlying key ];
     # we need the key in order to initialize the store
-    depends = [ config.sane.fs."${store.underlying.key}".unit ];
+    depends = [ config.sane.fs."${key}".unit ];
   };
 
   # let sane.fs know how to generate the key for gocryptfs
-  sane.fs."${store.underlying.key}".generated = {
+  sane.fs."${key}".generated = {
     script.script = ''
       dd if=/dev/random bs=128 count=1 | base64 --wrap=0 > "$1"
     '';
-    script.scriptArgs = [ store.underlying.key ];
+    script.scriptArgs = [ key ];
     # no need for anyone else to be able to read the key
     acl.mode = "0400";
   };

modules/persist/stores/plaintext.nix

@@ -3,7 +3,7 @@
 let
   cfg = config.sane.persist;
 in lib.mkIf cfg.enable {
-  sane.persist.stores."plaintext" = {
+  sane.persist.stores."plaintext" = lib.mkDefault {
     origin = "/nix/persist";
   };
   # TODO: needed?

modules/persist/stores/private.nix

@@ -1,21 +1,23 @@
-{ config, lib, pkgs, utils, ... }:
+{ config, lib, pkgs, sane-lib, utils, ... }:
 
+let
+  persist-base = config.sane.persist.stores."plaintext".origin;
+  private-dir = config.sane.persist.stores."private".origin;
+  private-backing-dir = sane-lib.path.concat [ persist-base private-dir ];
+in
 lib.mkIf config.sane.persist.enable
 {
   sane.persist.stores."private" = {
     storeDescription = ''
-      encrypted to the user's password and auto-unlocked at login
+      encrypted store which persists across boots.
+      typical use case is for the user to encrypt this store using their login password so that it
+      can be auto-unlocked at login.
     '';
-    origin = "/home/colin/private";
-    # files stored under here *must* have the /home/colin prefix.
-    # internally, this prefix is removed so that e.g.
-    # /home/colin/foo/bar when stored in `private` is visible at
-    # /home/colin/private/foo/bar
-    prefix = "/home/colin";
+    origin = lib.mkDefault "/mnt/private";
     defaultOrdering = let
-      private-unit = config.sane.fs."/home/colin/private".unit;
+      private-unit = config.sane.fs."${private-dir}".unit;
     in {
-      # auto create only after ~/private is mounted
+      # auto create only after the store is mounted
       wantedBy = [ private-unit ];
       # we can't create things in private before local-fs.target
       wantedBeforeBy = [ ];
@@ -23,13 +25,13 @@ lib.mkIf config.sane.persist.enable
     defaultMethod = "symlink";
   };
 
-  fileSystems."/home/colin/private" = {
-    device = "/nix/persist/home/colin/private";
+  fileSystems."${private-dir}" = {
+    device = private-backing-dir;
     fsType = "fuse.gocryptfs";
     options = [
       "noauto"  # don't try to mount, until the user logs in!
       "nofail"
-      "allow_other"  # root ends up being the user that mounts this, so need to make it visible to `colin`.
+      "allow_other"  # root ends up being the user that mounts this, so need to make it visible to other users.
       "nodev"
       "nosuid"
       "quiet"
@@ -39,9 +41,9 @@ lib.mkIf config.sane.persist.enable
   };
 
   # let sane.fs know about the mount
-  sane.fs."/home/colin/private".mount = {};
+  sane.fs."${private-dir}".mount = {};
   # it also needs to know that the underlying device is an ordinary folder
-  sane.fs."/nix/persist/home/colin/private".dir = {};
+  sane.fs."${private-backing-dir}".dir = {};
 
   # TODO: could add this *specifically* to the .mount file for the encrypted fs?
   system.fsPackages = [ pkgs.gocryptfs ];  # fuse needs to find gocryptfs

modules/services/default.nix

@@ -1,7 +1,6 @@
 { ... }:
 {
   imports = [
-    ./duplicity.nix
     ./dyn-dns.nix
     ./kiwix-serve.nix
     ./mautrix-signal.nix

modules/users.nix

@@ -0,0 +1,110 @@
+{ config, lib, options, sane-lib, ... }:
+
+let
+  inherit (builtins) attrValues;
+  inherit (lib) count mapAttrs' mapAttrsToList mkIf mkMerge mkOption types;
+  sane-user-cfg = config.sane.user;
+  cfg = config.sane.users;
+  path-lib = sane-lib.path;
+  userOptions = {
+    options = {
+      fs = mkOption {
+        type = types.attrs;
+        default = {};
+        description = ''
+          entries to pass onto `sane.fs` after prepending the user's home-dir to the path.
+          e.g. `sane.users.colin.fs."/.config/aerc" = X`
+            => `sane.fs."/home/colin/.config/aerc" = X;
+        '';
+      };
+
+      persist = mkOption {
+        type = options.sane.persist.sys.type;
+        default = {};
+        description = ''
+          entries to pass onto `sane.persist.sys` after prepending the user's home-dir to the path.
+        '';
+      };
+    };
+  };
+  userModule = types.submodule ({ name, config, ... }: {
+    options = userOptions.options // {
+      default = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          only one default user may exist.
+          this option determines what the `sane.user` shorthand evaluates to.
+        '';
+      };
+
+      home = mkOption {
+        type = types.str;
+        # XXX: we'd prefer to set this to `config.users.users.home`, but that causes infinite recursion...
+        # TODO: maybe assert that this matches the actual home?
+        default = "/home/${name}";
+      };
+    };
+
+    # if we're the default user, inherit whatever settings were routed to the default user
+    config = mkIf config.default sane-user-cfg;
+  });
+  processUser = user: defn:
+    let
+      prefixWithHome = mapAttrs' (path: value: {
+        name = path-lib.concat [ defn.home path ];
+        inherit value;
+      });
+    in
+    {
+      sane.fs = prefixWithHome defn.fs;
+
+      # `byPath` is the actual output here, computed from the other keys.
+      sane.persist.sys.byPath = prefixWithHome defn.persist.byPath;
+    };
+in
+{
+  options = {
+    sane.users = mkOption {
+      type = types.attrsOf userModule;
+      default = {};
+      description = ''
+        options to apply to the given user.
+        the user is expected to be created externally.
+        configs applied at this level are simply transformed and then merged
+        into the toplevel `sane` options. it's merely a shorthand.
+      '';
+    };
+
+    sane.user = mkOption {
+      type = types.nullOr (types.submodule userOptions);
+      default = null;
+      description = ''
+        options to pass down to the default user
+      '';
+    };
+  };
+  config =
+    let
+      configs = mapAttrsToList processUser cfg;
+      num-default-users = count (u: u.default) (attrValues cfg);
+      take = f: {
+        sane.fs = f.sane.fs;
+        sane.persist.sys.byPath = f.sane.persist.sys.byPath;
+      };
+    in mkMerge [
+      (take (sane-lib.mkTypedMerge take configs))
+      {
+        assertions = [
+          {
+            assertion = sane-user-cfg == null || num-default-users != 0;
+            message = "cannot set `sane.user` without first setting `sane.users.<user>.default = true` for some user";
+          }
+          {
+            assertion = num-default-users <= 1;
+            message = "cannot set more than one default user";
+          }
+        ];
+      }
+    ];
+}

overlays/pins.nix

@@ -8,27 +8,5 @@
   # XXX: when invoked outside our flake (e.g. via NIX_PATH) there is no `next.stable`,
   # so just forward the unstable packages.
   inherit (next.stable or prev)
-    # broken on 2023/01/14 via mtxclient dep, aarch64-only:
-    # fixed on 2023/01/24?
-    #   error: builder for '/nix/store/gwidl0c9ksxjgx0dgwnjssix4ikq73v5-mtxclient-0.9.0.drv' failed with exit code 2;
-    #      last 10 log lines:
-    #      > make[2]: *** [CMakeFiles/matrix_client.dir/build.make:370: CMakeFiles/matrix_client.dir/lib/structs/events/encrypted.cpp.o] Error 1
-    #      > In file included from /build/source/include/mtxclient/crypto/client.hpp:17,
-    #      >                  from /build/source/lib/crypto/utils.cpp:17:
-    #      > /build/source/include/mtx/identifiers.hpp:12:10: fatal error: compare: No such file or directory
-    #      >    12 | #include <compare>
-    #      >       |          ^~~~~~~~~
-    #      > compilation terminated.
-    #      > make[2]: *** [CMakeFiles/matrix_client.dir/build.make:132: CMakeFiles/matrix_client.dir/lib/crypto/utils.cpp.o] Error 1
-    #      > make[1]: *** [CMakeFiles/Makefile2:83: CMakeFiles/matrix_client.dir/all] Error 2
-    #      > make: *** [Makefile:136: all] Error 2
-    #      For full logs, run 'nix log /nix/store/gwidl0c9ksxjgx0dgwnjssix4ikq73v5-mtxclient-0.9.0.drv'.
-    #   error: 1 dependencies of derivation '/nix/store/4i2d1qdh4x6n23h1jbcbhm8q9q2hch9a-nheko-0.11.0.drv' failed to build
-    #   error: 1 dependencies of derivation '/nix/store/k4f7k7cvjp8rb7clhlfq3yxgs6lbfmk7-home-manager-path.drv' failed to build
-    #   error: 1 dependencies of derivation '/nix/store/67d9k554188lh4ddl4ar6j74mpc3r4sv-home-manager-generation.drv' failed to build
-    #   error: 1 dependencies of derivation '/nix/store/5qjxzhsw1jvh2d7jypbcam9409ivb472-user-environment.drv' failed to build
-    #   error: 1 dependencies of derivation '/nix/store/hrb3qpdbisqh0lzlyz1g9g4164khmqwn-etc.drv' failed to build
-    #   error: 1 dependencies of derivation '/nix/store/ny21xyicbgim5wy7ksg2hibd9gn7i01b-nixos-system-moby-23.05pre-git.drv' failed to build
-    # nheko
   ;
 })