refactor: simplify shared config contracts

modules/features/meta.nix

@@ -27,6 +27,13 @@ let
 
   hasRequiredScopedEmail = scope: user: scopeEmailCount scope user == 1;
 
+  scopeEmailAddress =
+    scope: user:
+    let
+      emails = lib.filter (email: email.scope == scope) (builtins.attrValues user.emails);
+    in
+    if emails == [ ] then "" else (builtins.head emails).address;
+
   primaryEmailFallback = {
     address = "";
     primary = false;
@@ -125,6 +132,22 @@ let
           type = sourceControlScopeType;
           default = "personal";
         };
+
+        scopes = lib.mkOption {
+          type = lib.types.attrsOf (
+            lib.types.submodule (
+              { ... }:
+              {
+                options.email = lib.mkOption {
+                  type = lib.types.str;
+                  readOnly = true;
+                };
+              }
+            )
+          );
+          readOnly = true;
+          description = "Derived source-control identities keyed by scope.";
+        };
       };
     }
   );
@@ -149,10 +172,6 @@ let
           type = lib.types.str;
         };
 
-        terminalPackagePath = lib.mkOption {
-          type = lib.types.listOf lib.types.str;
-        };
-
         nixosConfigurationPath = lib.mkOption {
           type = lib.types.str;
           default = "${config.homeDirectory}/.config/nixos";
@@ -174,7 +193,12 @@ let
         };
       };
 
-      config.primaryEmail = primaryEmail;
+      config = {
+        primaryEmail = primaryEmail;
+        sourceControl.scopes = lib.genAttrs (requiredSourceControlScopes config) (scope: {
+          email = scopeEmailAddress scope config;
+        });
+      };
     }
   );
 

modules/features/networking.nix

@@ -3,7 +3,6 @@
     networking = {
       firewall.enable = true;
       firewall.allowPing = false;
-      nftables.enable = true;
     };
   };
 

modules/features/niri/default.nix

@@ -56,15 +56,13 @@ in
         }
       ) config.meta.host.displays;
       inputProfiles = metaLib.mkInputProfiles config.meta.host.input;
-      terminal = metaLib.resolveUserTerminal {
+      terminal = metaLib.resolveRepoTerminal {
         inherit pkgs;
-        user = config.meta.user;
       };
     in
     {
       assertions = metaLib.mkTerminalAssertions {
         inherit terminal;
-        user = config.meta.user;
       };
 
       home.sessionVariables.NIXOS_OZONE_WL = "1";
@@ -154,7 +152,7 @@ in
         };
 
         binds =
-          if terminal.hasMainProgram then
+          if terminal.hasPackage then
             import ./_bindings.nix {
               inherit
                 browserCommand

modules/features/noctalia.nix

@@ -6,6 +6,17 @@
 let
   homeModules = config.flake.modules.homeManager;
   metaLib = config.meta.lib;
+  mkNoctaliaSettings =
+    {
+      lib,
+      terminalPackage,
+    }:
+    import ./_noctalia-config.nix {
+      inherit
+        lib
+        terminalPackage
+        ;
+    };
   mkPortableSettings =
     baseSettings:
     lib.recursiveUpdate baseSettings {
@@ -29,38 +40,56 @@ let
     };
 in
 {
-  flake.modules.homeManager.noctalia =
+  flake.modules.homeManager.noctalia-base =
     {
-      inputs,
       config,
       lib,
       pkgs,
       ...
     }:
     let
-      terminal = metaLib.resolveUserTerminal {
+      terminal = metaLib.resolveRepoTerminal {
         inherit pkgs;
-        user = config.meta.user;
       };
       baseSettings =
-        if terminal.hasMainProgram then
-          import ./_noctalia-config.nix {
-            inherit
-              lib
-              ;
+        if terminal.hasPackage then
+          mkNoctaliaSettings {
+            inherit lib;
             terminalPackage = terminal.package;
           }
         else
           { };
     in
     {
-      imports = [ inputs.noctalia.homeModules.default ];
-
-      assertions = metaLib.mkTerminalAssertions {
-        inherit terminal;
-        user = config.meta.user;
+      options.meta.lib.noctaliaBaseSettings = lib.mkOption {
+        type = lib.types.attrs;
+        internal = true;
+        readOnly = true;
       };
 
+      config = {
+        meta.lib.noctaliaBaseSettings = baseSettings;
+
+        assertions = metaLib.mkTerminalAssertions {
+          inherit terminal;
+        };
+      };
+    };
+
+  flake.modules.homeManager.noctalia =
+    {
+      config,
+      inputs,
+      lib,
+      pkgs,
+      ...
+    }:
+    {
+      imports = [
+        homeModules.noctalia-base
+        inputs.noctalia.homeModules.default
+      ];
+
       programs.noctalia-shell = {
         enable = true;
         package = lib.mkForce (
@@ -69,7 +98,7 @@ in
           }
         );
 
-        settings = baseSettings;
+        settings = config.meta.lib.noctaliaBaseSettings;
       };
     };
 
@@ -77,29 +106,15 @@ in
     {
       config,
       lib,
-      pkgs,
       ...
     }:
-    let
-      terminal = metaLib.resolveUserTerminal {
-        inherit pkgs;
-        user = config.meta.user;
-      };
-      baseSettings =
-        if terminal.hasMainProgram then
-          import ./_noctalia-config.nix {
-            inherit
-              lib
-              ;
-            terminalPackage = terminal.package;
-          }
-        else
-          { };
-    in
     {
       imports = [ homeModules.noctalia ];
       programs.noctalia-shell.settings = lib.mkForce (
-        if terminal.hasMainProgram then mkPortableSettings baseSettings else { }
+        if config.meta.lib.noctaliaBaseSettings == { } then
+          { }
+        else
+          mkPortableSettings config.meta.lib.noctaliaBaseSettings
       );
     };
 }

modules/features/source-control.nix

@@ -13,19 +13,19 @@ in
       host = config.meta.host;
       user = config.meta.user;
       sourceControl = user.sourceControl;
+      sourceControlScopes = sourceControl.scopes;
       hostSourceControlUsers = host.sourceControl.users;
       hostUserSourceControl = hostSourceControlUsers.${user.name} or { };
 
-      scopeEmails = scope: lib.filter (email: email.scope == scope) (builtins.attrValues user.emails);
+      scopeConfig = scope: hostUserSourceControl.${scope} or null;
+      scopeIdentity = scope: sourceControlScopes.${scope} or null;
 
       emailForScope =
         scope:
         let
-          emails = scopeEmails scope;
+          identity = scopeIdentity scope;
         in
-        if builtins.length emails == 1 then (builtins.head emails).address else null;
-
-      scopeConfig = scope: hostUserSourceControl.${scope} or null;
+        if identity == null then null else identity.email;
 
       scopeHasSigningKey =
         scope:
@@ -51,10 +51,7 @@ in
         in
         if keyConfig == null then null else keyConfig.publicKey;
 
-      scopesInUse = lib.unique ([
-        "personal"
-        sourceControl.projectScope
-      ]);
+      scopesInUse = builtins.attrNames sourceControlScopes;
 
       allowedSignersLines = map (scope: "${emailForScope scope} ${publicKeyForScope scope}") (
         builtins.filter (scope: emailForScope scope != null && scopeHasSigningKey scope) scopesInUse

modules/features/terminal.nix

@@ -14,17 +14,14 @@ in
     let
       repoTheme = metaRepo.theme.kanagawa;
       palette = repoTheme.palette;
-      terminal = metaLib.resolveUserTerminal {
+      terminal = metaLib.resolveRepoTerminal {
         inherit pkgs;
-        user = config.meta.user;
       };
     in
     {
       assertions = metaLib.mkTerminalAssertions {
         inherit terminal;
-        user = config.meta.user;
         requireDesktopEntry = true;
-        requireKitty = true;
       };
 
       xdg.terminal-exec = {

modules/features/workstation-base.nix

@@ -29,6 +29,13 @@ in
     environment.localBinInPath = true;
   };
 
+  flake.modules.nixos.workstation-host = {
+    imports = [
+      nixosModules.workstation-base
+      nixosModules.qbittorrent-client
+    ];
+  };
+
   flake.modules.homeManager.workstation-base = {
     imports = [
       homeModules.ai