24 files changed, 51 insertions, 124 deletions
diff --git a/bin/__dispatch.sh b/bin/__dispatch.sh
index 7a18b8b834..dce1cc41cd 100755
--- a/bin/__dispatch.sh
+++ b/bin/__dispatch.sh
@@ -36,7 +36,7 @@ case "${TARGET_TOOL}" in
     attr="third_party.age"
     ;;
   rebuilder)
-    attr="ops.nixos.rebuilder"
+    attr="users.tazjin.nixos.rebuilder"
     ;;
   meson)
     attr="third_party.meson"
diff --git a/ci-builds.nix b/ci-builds.nix
index 35f5eb967a..01f014da49 100644
--- a/ci-builds.nix
+++ b/ci-builds.nix
@@ -19,8 +19,6 @@ with (import ./default.nix {}); [
   ops.kms_pass
   ops.kontemplate
   ops.mq_cli
-  ops.nixos.camdenSystem
-  ops.nixos.frogSystem
   third_party.cgit
   third_party.git
   third_party.lisp # will build all third-party libraries
@@ -31,8 +29,7 @@ with (import ./default.nix {}); [
   web.cgit-taz
   web.tvl
 
-  # Nugget is not currently built because it depends on various things
-  # (such as chromium-vaapi) that don't work in CI.
-  #
-  # ops.nixos.nuggetSystem
+  # tazjin's personal things
+  users.tazjin.nixos.camdenSystem
+  users.tazjin.nixos.frogSystem
 ]
diff --git a/default.nix b/default.nix
index 054b25b920..e34734dc9e 100644
--- a/default.nix
+++ b/default.nix
@@ -41,6 +41,7 @@ let
     presentations = readTree ./presentations;
     third_party   = readTree ./third_party;
     tools         = readTree ./tools;
+    users         = readTree ./users;
     web           = readTree ./web;
   };
 in fix(self: {
diff --git a/ops/nixos/.skip-subtree b/ops/nixos/.skip-subtree
new file mode 100644
index 0000000000..09520f8c83
--- /dev/null
+++ b/ops/nixos/.skip-subtree
@@ -0,0 +1 @@
+NixOS modules are not readTree compatible.
diff --git a/ops/nixos/README.md b/ops/nixos/README.md
index fc90cb4b43..595b4c3344 100644
--- a/ops/nixos/README.md
+++ b/ops/nixos/README.md
@@ -1,20 +1,7 @@
-NixOS configuration
-===================
+NixOS modules
+=============
 
-My NixOS configuration! It configures most of the packages I require
-on my systems, sets up Emacs the way I need and does a bunch of other
-interesting things.
+This folder contains various NixOS modules shared by our NixOS
+configurations.
 
-System configuration lives in folders for each machine and a custom
-fixed point evaluation (similar to standard NixOS module
-configuration) is used to combine configuration together.
-
-Building `ops.nixos.rebuilder` yields a script that will automatically
-build and activate the newest configuration based on the current
-hostname.
-
-## Configured hosts:
-
-* `frog` - weapon of mass computation at home
-* `nugget` - desktop computer at home
-* ~~`urdhva` - T470s~~ (currently with edef)
+It is not read by `readTree`.
diff --git a/ops/nixos/modules/depot.nix b/ops/nixos/depot.nix
index 20220e9f57..2c1b71a2da 100644
--- a/ops/nixos/modules/depot.nix
+++ b/ops/nixos/depot.nix
@@ -4,7 +4,7 @@
 # It needs to be included and configured in each system like this:
 #
 # {
-#   imports = [ ../modules/depot.nix ];
+#   imports = [ "${depot.depotPath}/ops/nixos/depot.nix" ];
 #   inherit depot;
 # }
 { lib, ... }:
diff --git a/ops/nixos/modules/hound.nix b/ops/nixos/hound.nix
index 690055bde3..690055bde3 100644
--- a/ops/nixos/modules/hound.nix
+++ b/ops/nixos/hound.nix
diff --git a/ops/nixos/mail.nix b/ops/nixos/mail.nix
deleted file mode 100644
index ba4ebfa060..0000000000
--- a/ops/nixos/mail.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-# This file configures offlineimap, notmuch and MSMTP.
-#
-# Some manual configuration is required the first time this is
-# applied:
-#
-# 1. Credential setup.
-# 2. Linking of MSMTP config (ln -s /etc/msmtprc ~/.msmtprc)
-# 3. Linking of notmuch config (ln -s /etc/notmuch-config ~/.notmuch-config)
-
-{ config, lib, pkgs, ... }:
-
-let offlineImapConfig = pkgs.writeText "offlineimaprc"
-  (builtins.readFile ./dotfiles/offlineimaprc);
-
-msmtpConfig = pkgs.writeText "msmtprc"
-  (builtins.readFile ./dotfiles/msmtprc);
-
-notmuchConfig = pkgs.writeText "notmuch-config"
-  (builtins.readFile ./dotfiles/notmuch-config);
-
-tagConfig = pkgs.writeText "notmuch-tags" ''
-  # Tag emacs-devel mailing list:
-  -inbox +emacs-devel -- to:emacs-devel@gnu.org OR cc:emacs-devel@gnu.org
-
-  # Tag nix-devel mailing list & discourse:
-  -inbox +nix-devel -- to:nix-devel@googlegroups.com OR from:nixos1@discoursemail.com
-
-  # Tag my own mail (from other devices) as sent:
-  -inbox +sent -- from:mail@tazj.in
-
-  # Drafts are always read, duh.
-  -unread -- tag:draft
-'';
-
-notmuchIndex = pkgs.writeShellScriptBin "notmuch-index" ''
-  echo "Indexing new mails in notmuch"
-
-  # Index new mail
-  ${pkgs.notmuch}/bin/notmuch new
-
-  # Apply tags
-  cat ${tagConfig} | ${pkgs.notmuch}/bin/notmuch tag --batch
-
-  echo "Done indexing new mails"
-'';
-in {
-  # Enable OfflineIMAP timer & service:
-  systemd.user.timers.offlineimap = {
-    description = "OfflineIMAP timer";
-    wantedBy    = [ "timers.target" ];
-
-    timerConfig = {
-      Unit       = "offlineimap.service";
-      OnCalendar = "*:0/2"; # every 2 minutes
-      Persistent = "true"; # persist timer state after reboots
-    };
-  };
-
-  systemd.user.services.offlineimap = {
-    description = "OfflineIMAP service";
-    path = with pkgs; [ pass notmuch ];
-
-    serviceConfig = {
-      Type            = "oneshot";
-      ExecStart       = "${pkgs.offlineimap}/bin/offlineimap -u syslog -o -c ${offlineImapConfig}";
-      ExecStartPost   = "${notmuchIndex}/bin/notmuch-index";
-      TimeoutStartSec = "2min";
-    };
-  };
-
-  # Link configuration files to /etc/ (from where they will be linked
-  # further):
-  environment.etc = {
-    "msmtprc".source = msmtpConfig;
-    "notmuch-config".source = notmuchConfig;
-  };
-}
diff --git a/ops/nixos/modules/.skip-subtree b/ops/nixos/modules/.skip-subtree
deleted file mode 100644
index 80d92f2eb4..0000000000
--- a/ops/nixos/modules/.skip-subtree
+++ /dev/null
@@ -1 +0,0 @@
-The files in this folder are NixOS modules, not readTree-importables.
diff --git a/ops/nixos/modules/monorepo-gerrit.nix b/ops/nixos/monorepo-gerrit.nix
index 58fbb8d206..58fbb8d206 100644
--- a/ops/nixos/modules/monorepo-gerrit.nix
+++ b/ops/nixos/monorepo-gerrit.nix
diff --git a/ops/nixos/modules/smtprelay.nix b/ops/nixos/smtprelay.nix
index ca960f5190..ca960f5190 100644
--- a/ops/nixos/modules/smtprelay.nix
+++ b/ops/nixos/smtprelay.nix
diff --git a/ops/nixos/modules/tvl-slapd/contents.ldif b/ops/nixos/tvl-slapd/contents.ldif
index 4ac5bcecdf..4ac5bcecdf 100644
--- a/ops/nixos/modules/tvl-slapd/contents.ldif
+++ b/ops/nixos/tvl-slapd/contents.ldif
diff --git a/ops/nixos/modules/tvl-slapd/default.nix b/ops/nixos/tvl-slapd/default.nix
index 294a6636d7..294a6636d7 100644
--- a/ops/nixos/modules/tvl-slapd/default.nix
+++ b/ops/nixos/tvl-slapd/default.nix
diff --git a/ops/nixos/modules/tvl-slapd/genpasswd.rb b/ops/nixos/tvl-slapd/genpasswd.rb
index 8f6f8d7584..8f6f8d7584 100644
--- a/ops/nixos/modules/tvl-slapd/genpasswd.rb
+++ b/ops/nixos/tvl-slapd/genpasswd.rb
diff --git a/ops/nixos/modules/v4l2loopback.nix b/ops/nixos/v4l2loopback.nix
index 636b2ff6cf..636b2ff6cf 100644
--- a/ops/nixos/modules/v4l2loopback.nix
+++ b/ops/nixos/v4l2loopback.nix
diff --git a/ops/nixos/dotfiles/config.fish b/users/tazjin/dotfiles/config.fish
index de2c99ae60..de2c99ae60 100644
--- a/ops/nixos/dotfiles/config.fish
+++ b/users/tazjin/dotfiles/config.fish
diff --git a/ops/nixos/dotfiles/msmtprc b/users/tazjin/dotfiles/msmtprc
index 624b6a77fc..624b6a77fc 100644
--- a/ops/nixos/dotfiles/msmtprc
+++ b/users/tazjin/dotfiles/msmtprc
diff --git a/ops/nixos/dotfiles/notmuch-config b/users/tazjin/dotfiles/notmuch-config
index a490774e63..a490774e63 100644
--- a/ops/nixos/dotfiles/notmuch-config
+++ b/users/tazjin/dotfiles/notmuch-config
diff --git a/ops/nixos/dotfiles/offlineimaprc b/users/tazjin/dotfiles/offlineimaprc
index 78315447e4..78315447e4 100644
--- a/ops/nixos/dotfiles/offlineimaprc
+++ b/users/tazjin/dotfiles/offlineimaprc
diff --git a/users/tazjin/nixos/README.md b/users/tazjin/nixos/README.md
new file mode 100644
index 0000000000..fc90cb4b43
--- /dev/null
+++ b/users/tazjin/nixos/README.md
@@ -0,0 +1,20 @@
+NixOS configuration
+===================
+
+My NixOS configuration! It configures most of the packages I require
+on my systems, sets up Emacs the way I need and does a bunch of other
+interesting things.
+
+System configuration lives in folders for each machine and a custom
+fixed point evaluation (similar to standard NixOS module
+configuration) is used to combine configuration together.
+
+Building `ops.nixos.rebuilder` yields a script that will automatically
+build and activate the newest configuration based on the current
+hostname.
+
+## Configured hosts:
+
+* `frog` - weapon of mass computation at home
+* `nugget` - desktop computer at home
+* ~~`urdhva` - T470s~~ (currently with edef)
diff --git a/ops/nixos/camden/default.nix b/users/tazjin/nixos/camden/default.nix
index 32d75147b7..9bdebac5f5 100644
--- a/ops/nixos/camden/default.nix
+++ b/users/tazjin/nixos/camden/default.nix
@@ -15,11 +15,11 @@ config: let
   };
 in lib.fix(self: {
   imports = [
-    ../modules/depot.nix
-    ../modules/hound.nix
-    ../modules/monorepo-gerrit.nix
-    ../modules/smtprelay.nix
-    ../modules/tvl-slapd/default.nix
+    "${depot.depotPath}/ops/nixos/depot.nix"
+    "${depot.depotPath}/ops/nixos/hound.nix"
+    "${depot.depotPath}/ops/nixos/monorepo-gerrit.nix"
+    "${depot.depotPath}/ops/nixos/smtprelay.nix"
+    "${depot.depotPath}/ops/nixos/tvl-slapd/default.nix"
     "${pkgs.nixpkgsSrc}/nixos/modules/services/web-apps/gerrit.nix"
   ];
   depot = depot;
diff --git a/ops/nixos/default.nix b/users/tazjin/nixos/default.nix
index 6f0655f34e..4f8923af79 100644
--- a/ops/nixos/default.nix
+++ b/users/tazjin/nixos/default.nix
@@ -1,3 +1,4 @@
+# TODO(tazjin): Generalise this and move to //ops/nixos
 { depot, lib, ... }:
 
 let
@@ -9,6 +10,13 @@ let
     );
   }).system;
 
+  caseFor = hostname: ''
+    ${hostname})
+      echo "Rebuilding NixOS for //users/tazjin/nixos/${hostname}"
+      system=$(nix-build -E '(import <depot> {}).users.tazjin.nixos.${hostname}System' --no-out-link)
+      ;;
+  '';
+
   rebuilder = depot.third_party.writeShellScriptBin "rebuilder" ''
     set -ue
     if [[ $EUID -ne 0 ]]; then
@@ -17,18 +25,9 @@ let
     fi
 
     case $HOSTNAME in
-    nugget)
-      echo "Rebuilding NixOS for //ops/nixos/nugget"
-      system=$(nix-build -E '(import <depot> {}).ops.nixos.nuggetSystem' --no-out-link)
-      ;;
-    camden)
-      echo "Rebuilding NixOS for //ops/nixos/camden"
-      system=$(nix-build -E '(import <depot> {}).ops.nixos.camdenSystem' --no-out-link)
-      ;;
-    frog)
-      echo "Rebuilding NixOS for //ops/nixos/frog"
-      system=$(nix-build -E '(import <depot> {}).ops.nixos.frogSystem' --no-out-link)
-      ;;
+    ${caseFor "nugget"}
+    ${caseFor "camden"}
+    ${caseFor "frog"}
     *)
       echo "$HOSTNAME is not a known NixOS host!" >&2
       exit 1
@@ -41,7 +40,7 @@ let
 in {
   inherit rebuilder;
 
-  nuggetSystem = systemFor [ depot.ops.nixos.nugget ];
-  camdenSystem = systemFor [ depot.ops.nixos.camden ];
-  frogSystem = systemFor [ depot.ops.nixos.frog ];
+  nuggetSystem = systemFor [ depot.users.tazjin.nixos.nugget ];
+  camdenSystem = systemFor [ depot.users.tazjin.nixos.camden ];
+  frogSystem = systemFor [ depot.users.tazjin.nixos.frog ];
 }
diff --git a/ops/nixos/frog/default.nix b/users/tazjin/nixos/frog/default.nix
index 72b1c9ed36..72b1c9ed36 100644
--- a/ops/nixos/frog/default.nix
+++ b/users/tazjin/nixos/frog/default.nix
diff --git a/ops/nixos/nugget/default.nix b/users/tazjin/nixos/nugget/default.nix
index 7c9530072d..7c9530072d 100644
--- a/ops/nixos/nugget/default.nix
+++ b/users/tazjin/nixos/nugget/default.nix