feat: move to single-user config

modules/features/_noctalia-config.nix

@@ -1,4 +1,5 @@
 {
+  homeDirectory,
   lib,
   terminalPackage,
 }:
@@ -102,7 +103,7 @@
     screenOverrides = [ ];
   };
   general = {
-    avatarImage = "/home/kiri/.face";
+    avatarImage = "${homeDirectory}/.face";
     dimmerOpacity = 0;
     showScreenCorners = false;
     forceBlackScreenCorners = false;
@@ -213,7 +214,7 @@
   wallpaper = {
     enabled = true;
     overviewEnabled = false;
-    directory = "/home/kiri/media/images/wallpapers";
+    directory = "${homeDirectory}/media/images/wallpapers";
     monitorDirectories = [ ];
     enableMultiMonitorDirectories = false;
     showHiddenFiles = false;

modules/features/ai.nix

@@ -1,23 +1,12 @@
-{ inputs, ... }:
+{ inputs, config, ... }:
 let
+  account = config.repo.account;
+
   sharedContext = ''
     # Global Agent Context
 
     Be a concise technical thought partner. Check the premise before executing, optimize for the user's actual outcome, and make important assumptions or tradeoffs visible.
 
-    ## Workflow
-
-    - Respect mode words literally: "read-only", "debug", "investigate", or "do not change code" means no edits; "plan" means produce a decision-complete plan; "implement" means make the smallest useful patch and verify it.
-    - Ask only when the answer cannot be discovered locally and a wrong assumption would materially change the result. Otherwise state the assumption and continue.
-    - Keep responses dense. Lead with the answer, cause, patch result, or recommendation. Avoid long preambles and generic reassurance.
-
-    ## Code Changes
-
-    - Preserve user work. Never revert or overwrite unrelated changes; read dirty files before editing them.
-    - Prefer simple, ergonomic code that matches the existing project style. Avoid future-proofing and new abstractions unless the current problem clearly pays for them.
-    - Before editing, understand the local architecture, dependency manager, formatter, and test commands. After editing, run the narrowest meaningful verification and report what ran.
-    - Do not install dependencies globally or mutate system configuration unless explicitly asked.
-
     ## Machine Environment
 
     - This machine is Nix/NixOS-based. Standard Linux assumptions may be wrong: software is usually provided by flakes, dev shells, `devenv`, `direnv`, or the user's NixOS/Home Manager config rather than `apt`, `dnf`, or global installs.
@@ -93,7 +82,7 @@ in
             "context-remaining"
             "five-hour-limit"
           ];
-          projects.${config.meta.user.account.nixosConfigurationPath}.trust_level = "trusted";
+          projects.${account.nixosConfigurationPath}.trust_level = "trusted";
           sandbox_mode = "workspace-write";
           personality = "pragmatic";
           features.undo = true;

modules/features/bitwarden.nix

@@ -4,6 +4,7 @@
 }:
 let
   repo = config.repo;
+  account = repo.account;
 in
 {
   flake.modules.homeManager.bitwarden =
@@ -12,9 +13,6 @@ in
       pkgs,
       ...
     }:
-    let
-      account = config.meta.user.account;
-    in
     {
       programs.rbw = {
         enable = true;

modules/features/email.nix

@@ -1,4 +1,7 @@
-{ ... }:
+{ config, ... }:
+let
+  account = config.repo.account;
+in
 {
   flake.modules.homeManager.email =
     {
@@ -7,7 +10,6 @@
       ...
     }:
     let
-      account = config.meta.user.account;
       mkOffice365Account =
         {
           address,

modules/features/git.nix

@@ -1,13 +1,13 @@
-{ ... }:
+{ config, ... }:
+let
+  account = config.repo.account;
+in
 {
   flake.modules.homeManager.git =
     {
       config,
       ...
     }:
-    let
-      account = config.meta.user.account;
-    in
     {
       programs.git = {
         enable = true;

modules/features/host-base.nix

@@ -5,7 +5,6 @@
 }:
 let
   nixosModules = config.flake.modules.nixos;
-  homeModules = config.flake.modules.homeManager;
 in
 {
   flake.modules.nixos.host-base = {
@@ -21,7 +20,6 @@ in
       useGlobalPkgs = true;
       backupFileExtension = "bak";
       extraSpecialArgs = { inherit inputs; };
-      sharedModules = [ homeModules.meta ];
     };
 
     security.sudo.extraConfig = ''

modules/features/neovim/default.nix

@@ -1,5 +1,6 @@
 { config, ... }:
 let
+  account = config.repo.account;
   repoTheme = config.repo.theme.kanagawa;
 in
 {
@@ -8,6 +9,7 @@ in
       pkgs,
       config,
       inputs,
+      osConfig,
       ...
     }:
     {
@@ -152,8 +154,8 @@ in
           # Hostname/ConfigDir needed for nixd
           nixdExtras = {
             nixpkgs = "import ${pkgs.path} {}";
-            nixos_options = ''(builtins.getFlake "path://${config.meta.user.account.nixosConfigurationPath}").nixosConfigurations.${config.meta.machine.name}.options'';
-            home_manager_options = ''(builtins.getFlake "path://${config.meta.user.account.nixosConfigurationPath}").nixosConfigurations.${config.meta.machine.name}.options.home-manager.users.type.getSubOptions []'';
+            nixos_options = ''(builtins.getFlake "path://${account.nixosConfigurationPath}").nixosConfigurations.${osConfig.meta.machine.name}.options'';
+            home_manager_options = ''(builtins.getFlake "path://${account.nixosConfigurationPath}").nixosConfigurations.${osConfig.meta.machine.name}.options.home-manager.users.type.getSubOptions []'';
           };
 
           themeSetup = import ./_kanagawa-theme.nix {

modules/features/nh.nix

@@ -1,10 +1,14 @@
+{ config, ... }:
+let
+  account = config.repo.account;
+in
 {
   flake.modules.homeManager.nh =
-    { config, ... }:
+    { ... }:
     {
       programs.nh = {
         enable = true;
-        flake = config.meta.user.account.nixosConfigurationPath;
+        flake = account.nixosConfigurationPath;
       };
     };
 }

modules/features/niri/default.nix

@@ -27,6 +27,7 @@ in
     {
       config,
       lib,
+      osConfig,
       pkgs,
       ...
     }:
@@ -64,7 +65,7 @@ in
               ;
           };
         }
-      ) config.meta.machine.displays;
+      ) osConfig.meta.machine.displays;
     in
     {
       assertions = [

modules/features/noctalia.nix

@@ -9,11 +9,13 @@ let
 
   mkNoctaliaSettings =
     {
+      homeDirectory,
       lib,
       terminalPackage,
     }:
     import ./_noctalia-config.nix {
       inherit
+        homeDirectory
         lib
         terminalPackage
         ;
@@ -21,6 +23,7 @@ let
 
   mkBaseSettings =
     {
+      homeDirectory,
       lib,
       pkgs,
     }:
@@ -34,7 +37,11 @@ let
       { }
     else
       mkNoctaliaSettings {
-        inherit lib terminalPackage;
+        inherit
+          homeDirectory
+          lib
+          terminalPackage
+          ;
       };
 
   mkPortableSettings =
@@ -62,15 +69,23 @@ in
 {
   flake.modules.homeManager.noctalia =
     {
+      config,
       inputs,
       lib,
+      osConfig,
       pkgs,
       ...
     }:
     let
       baseSettings = mkBaseSettings {
         inherit lib pkgs;
+        homeDirectory = config.home.homeDirectory;
       };
+      settings =
+        if baseSettings == { } || !osConfig.meta.machine.portable then
+          baseSettings
+        else
+          mkPortableSettings baseSettings;
     in
     {
       imports = [ inputs.noctalia.homeModules.default ];
@@ -82,34 +97,7 @@ in
             calendarSupport = true;
           }
         );
-
-        settings = baseSettings;
-      };
-    };
-
-  flake.modules.homeManager.noctalia-portable =
-    {
-      inputs,
-      lib,
-      pkgs,
-      ...
-    }:
-    let
-      baseSettings = mkBaseSettings {
-        inherit lib pkgs;
-      };
-    in
-    {
-      imports = [ inputs.noctalia.homeModules.default ];
-
-      programs.noctalia-shell = {
-        enable = true;
-        package = lib.mkForce (
-          inputs.noctalia.packages.${pkgs.stdenv.hostPlatform.system}.default.override {
-            calendarSupport = true;
-          }
-        );
-        settings = if baseSettings == { } then { } else mkPortableSettings baseSettings;
+        inherit settings;
       };
     };
 }

modules/features/services/caddy.nix

@@ -6,7 +6,7 @@ in
   flake.modules.nixos.caddy = {
     services.caddy = {
       enable = true;
-      email = repo.contact.email;
+      email = repo.account.primaryEmail.address;
       openFirewall = true;
     };
   };

modules/features/services/openssh.nix

@@ -1,4 +1,7 @@
-{ ... }:
+{ config, ... }:
+let
+  account = config.repo.account;
+in
 {
   flake.modules.nixos.ssh-agent-auth = {
     security.pam = {
@@ -8,10 +11,7 @@
   };
 
   flake.modules.nixos.openssh =
-    {
-      config,
-      ...
-    }:
+    { ... }:
     {
       services.openssh.openFirewall = true;
 
@@ -20,7 +20,7 @@
         settings = {
           PermitRootLogin = "no";
           PasswordAuthentication = false;
-          AllowUsers = builtins.attrNames config.meta.machine.users;
+          AllowUsers = [ account.name ];
         };
       };
     };

modules/features/sops-password.nix

@@ -1,17 +1,13 @@
-{ lib, ... }:
+{ config, ... }:
+let
+  account = config.repo.account;
+in
 {
   flake.modules.nixos.sops-password =
     { config, ... }:
     {
-      sops.secrets = lib.mapAttrs' (
-        userName: _:
-        lib.nameValuePair "hashed-password-${userName}" {
-          neededForUsers = true;
-        }
-      ) config.meta.machine.users;
+      sops.secrets.hashed-password.neededForUsers = true;
 
-      users.users = lib.mapAttrs (userName: _: {
-        hashedPasswordFile = config.sops.secrets."hashed-password-${userName}".path;
-      }) config.meta.machine.users;
+      users.users.${account.name}.hashedPasswordFile = config.sops.secrets.hashed-password.path;
     };
 }

modules/features/source-control.nix

@@ -1,5 +1,6 @@
 { config, lib, ... }:
 let
+  account = config.repo.account;
   homeModules = config.flake.modules.homeManager;
 in
 {
@@ -7,15 +8,14 @@ in
     {
       config,
       lib,
+      osConfig,
       ...
     }:
     let
-      machine = config.meta.machine;
-      user = config.meta.user;
-      account = user.account;
+      machine = osConfig.meta.machine;
       sourceControl = account.sourceControl;
 
-      scopeConfig = scope: user.sourceControl.${scope} or null;
+      scopeConfig = scope: machine.sourceControl.${scope} or null;
 
       emailForScope =
         scope:

modules/features/syncthing.nix

@@ -7,19 +7,18 @@ let
   syncthingMesh = lib.listToAttrs (
     lib.concatMap (
       machine:
-      lib.mapAttrsToList (
-        userName: user:
+      lib.optional (machine.syncthingId != null) (
         let
-          name = "${userName}@${machine.name}";
+          name = "${config.repo.account.name}@${machine.name}";
         in
         {
           inherit name;
           value = {
             inherit name;
-            id = user.syncthingId;
+            id = machine.syncthingId;
           };
         }
-      ) (lib.filterAttrs (_: user: user.syncthingId != null) machine.users)
+      )
     ) (builtins.attrValues config.repo.machines)
   );
 in

modules/features/workstation-base.nix

@@ -2,10 +2,13 @@
 let
   nixosModules = config.flake.modules.nixos;
   homeModules = config.flake.modules.homeManager;
+  account = config.repo.account;
 in
 {
   flake.modules.nixos.workstation-base = {
     imports = [
+      nixosModules.host-base
+
       nixosModules.audio
       nixosModules.bluetooth
       nixosModules.flatpak
@@ -27,6 +30,10 @@ in
 
     programs.nix-ld.enable = true;
     environment.localBinInPath = true;
+
+    home-manager.users.${account.name}.imports = [
+      homeModules.workstation-base
+    ];
   };
 
   flake.modules.homeManager.workstation-base = {
@@ -44,14 +51,17 @@ in
       homeModules.nix
       homeModules.pim
       homeModules.podman
+      homeModules.qbittorrent-client
       homeModules.shell
       homeModules.sops
       homeModules.source-control
       homeModules.ssh-client
+      homeModules.syncthing
       homeModules.terminal
       homeModules.theme
       homeModules.vicinae
       homeModules.xdg
+      homeModules.noctalia
     ];
   };
 }