get sane.packages to work better. still needs cleanup

hosts/by-name/servo/services/postfix.nix

@@ -1,3 +1,6 @@
+# DOCS:
+# - dovecot config: <https://doc.dovecot.org/configuration_manual/>
+
 { config, lib, ... }:
 
 let
@@ -143,6 +146,25 @@ in
 
   # inspired by https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/
   services.dovecot2.enable = true;
+  services.dovecot2.mailboxes = {
+    # special-purpose mailboxes: "All" "Archive" "Drafts" "Flagged" "Junk" "Sent" "Trash"
+    # RFC6154 describes these special mailboxes: https://www.ietf.org/rfc/rfc6154.html
+    # how these boxes are treated is 100% up to the client and server to decide.
+    # client behavior:
+    # iOS
+    #   - Drafts: ?
+    #   - Sent: works
+    #   - Trash: works
+    # aerc
+    #   - Drafts: works
+    #   - Sent: works
+    #   - Trash: no; deleted messages are actually deleted
+    #       use `:move trash` instead
+    # Sent mailbox: all sent messages are copied to it. unclear if this happens server-side or client-side.
+    Drafts = { specialUse = "Drafts"; auto = "create"; };
+    Sent = { specialUse = "Sent"; auto = "create"; };
+    Trash = { specialUse = "Trash"; auto = "create"; };
+  };
   services.dovecot2.sslServerCert = "/var/lib/acme/imap.uninsane.org/fullchain.pem";
   services.dovecot2.sslServerKey = "/var/lib/acme/imap.uninsane.org/key.pem";
   services.dovecot2.enablePAM = false;

hosts/common/default.nix

@@ -11,6 +11,7 @@
     ./machine-id.nix
     ./net.nix
     ./persist.nix
+    ./programs.nix
     ./secrets.nix
     ./ssh.nix
     ./users.nix

hosts/common/programs.nix

@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+{
+  sane.programs = {
+    btrfs-progs.enableFor.system = true;
+    # "cacert.unbundled".enableFor.system = true;
+    cryptsetup.enableFor.system = true;
+    dig = {
+      enableFor.system = true;
+      suggestedPrograms = [ "efibootmgr" ];
+    };
+    efibootmgr = {};
+    fatresize = {};
+
+    backblaze-b2.enableFor.user.colin = true;
+    cdrtools = {
+      enableFor.user.colin = true;
+      suggestedPrograms = [ "dmidecode" ];
+    };
+    dmidecode = {};
+  };
+}

modules/default.nix

@@ -6,6 +6,7 @@
     ./fs
     ./ids.nix
     ./packages.nix
+    ./programs.nix
     ./image.nix
     ./persist
     ./services

modules/packages.nix

@@ -25,6 +25,7 @@ let
     ifuse
     imagemagick
     ipfs
+    kitty  # TODO: move to GUI, but `ssh servo` from kitty sets `TERM=xterm-kitty` in the remove and breaks things
     libimobiledevice
     libsecret  # for managing user keyrings
     lm_sensors  # for sensors-detect
@@ -46,6 +47,7 @@ let
     sequoia
     snapper
     sops
+    sox
     speedtest-cli
     sqlite  # to debug sqlite3 databases
     ssh-to-age
@@ -79,7 +81,7 @@ let
 
     # { pkg = fluffychat-moby; dir = [ ".local/share/chat.fluffy.fluffychat" ]; }  # TODO: ship normal fluffychat on non-moby?
 
-    foliate
+    foliate  # e-book reader
     font-manager
 
     # XXX by default fractal stores its state in ~/.local/share/<UUID>.
@@ -111,7 +113,6 @@ let
 
     kdenlive
     kid3  # audio tagging
-    kitty
     krita
     libreoffice-fresh  # XXX colin: maybe don't want this on mobile
     lollypop

modules/programs.nix

@@ -0,0 +1,131 @@
+{ config, lib, pkgs, sane-lib, ... }:
+let
+  inherit (builtins) any elem map;
+  inherit (lib) filterAttrs mapAttrs mapAttrsToList mkDefault mkIf mkMerge mkOption optionalAttrs types;
+  inherit (sane-lib) joinAttrsets;
+  cfg = config.sane.programs;
+  pkgSpec = types.submodule ({ name, ... }: {
+    options = {
+      package = mkOption {
+        type = types.package;
+      };
+      enableFor.system = mkOption {
+        type = types.bool;
+        default = any (en: en) (
+          mapAttrsToList
+            (otherName: otherPkg:
+              otherName != name && elem name otherPkg.suggestedPrograms && otherPkg.enableSuggested && otherPkg.enableFor.system
+            )
+            cfg
+        );
+        description = ''
+          place this program on the system PATH
+        '';
+      };
+      enableFor.user = mkOption {
+        type = types.attrsOf types.bool;
+        # default = mkMerge (mapAttrsToList (_otherName: otherPkg:
+        #   optionalAttrs
+        #     (otherPkg.enableSuggested && elem name otherPkg.suggestedPrograms)
+        #     otherPkg.enableFor.user
+        # ) cfg);
+        default = joinAttrsets (mapAttrsToList (otherName: otherPkg:
+           optionalAttrs
+             (otherName != name && elem name otherPkg.suggestedPrograms && otherPkg.enableSuggested)
+             (filterAttrs (user: en: en) otherPkg.enableFor.user)
+        ) cfg);
+        description = ''
+          place this program on the PATH for some specified user(s).
+        '';
+      };
+      suggestedPrograms = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        description = ''
+          list of other programs a user may want to enable alongside this one.
+          for example, the gnome desktop environment would suggest things like its settings app.
+        '';
+      };
+      enableSuggested = mkOption {
+        type = types.bool;
+        default = true;
+      };
+      dir = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        description = "list of home-relative paths to persist for this package";
+      };
+      private = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        description = "list of home-relative paths to persist (in encrypted format) for this package";
+      };
+    };
+
+    config = {
+      # package can be inferred by the attr name, allowing shorthand like
+      # sane.packages.nano.enable = true;
+      package = mkIf (pkgs ? "${name}") (mkDefault pkgs."${name}");
+
+      # enableFor = mkIf (name == "btrfs-progs") (mkDefault cfg.cryptsetup.enableFor);
+
+      # enable this package if it's in the `suggestedPrograms` of any other enabled program
+      # enableFor = mkMerge (mapAttrsToList (_otherName: otherPkg:
+      #   optionalAttrs
+      #     (otherPkg.enableSuggested && elem name otherPkg.suggestedPrograms)
+      #     (mkDefault otherPkg.enableFor)
+      # ) cfg);
+    };
+
+  });
+  toPkgSpec = types.coercedTo types.package (p: { package = p; }) pkgSpec;
+
+  configs = mapAttrsToList (_name: p: {
+    # conditionally add to system PATH
+    environment.systemPackages = mkIf p.enableFor.system [ p.package ];
+    # conditionally add to user(s) PATH
+    users.users = mapAttrs (user: en: optionalAttrs en {
+      packages = [ p.package ];
+    }) p.enableFor.user;
+    # conditionally persist relevant user dirs
+    sane.users = mapAttrs (user: en: optionalAttrs en {
+      persist.plaintext = p.dir;
+      persist.private = p.private;
+    }) p.enableFor.user;
+  }) cfg;
+in
+{
+  options = {
+    sane.programs = mkOption {
+      type = types.attrsOf toPkgSpec;
+      default = {};
+    };
+  };
+
+  config =
+    let
+      take = f: {
+        environment.systemPackages = f.environment.systemPackages;
+        users.users = f.users.users;
+        sane.users = f.sane.users;
+      };
+    in mkMerge [
+      (take (sane-lib.mkTypedMerge take configs))
+      {
+        # sane.programs.cryptsetup.enableFor = mkDefault cfg.btrfs-progs.enableFor;
+        # sane.programs.cryptsetup.enableFor = mkMerge (mapAttrsToList (otherName: otherPkg:
+        #   optionalAttrs
+        #   (otherName != "cryptsetup")
+        #   (mkDefault otherPkg.enableFor)
+        # ) cfg);
+
+        # sane.programs = mapAttrs (myName: _me: optionalAttrs (myName == "btrfs-progs") {
+        #   enableFor = mkMerge (mapAttrsToList (otherName: otherPkg:
+        #     optionalAttrs
+        #     (otherName != "cryptsetup")
+        #     (mkDefault otherPkg.enableFor)
+        #   ) cfg);
+        # }) cfg;
+      }
+    ];
+}